[6165] in bugtraq
Re: RADIUS (Summary)
daemon@ATHENA.MIT.EDU (Josh Richards)
Mon Feb 23 18:49:35 1998
Date: Sun, 22 Feb 1998 15:07:37 -0800
Reply-To: Josh Richards <jrichard@LIVINGSTON.COM>
From: Josh Richards <jrichard@LIVINGSTON.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.94.980222130546.15836F-100000@dfw.dfw.net>
On 22 Feb 1998, Aleph One wrote:
> This is a summary of reports about the radius vulnerability that
> Phillip R. Jaenke reported. Giving the large number of people that
> have reported that they are not vulnerable I must wonder what is
> unique in Phillip's environment that is causing this. Only one person
> reported Merit RADIUS being vulnerable and that has not been
> confirmed yet.
Phillip,
What Unix platform are you having this occur on? I am unable to reproduce
this so far with RADIUS 2.0.1 which you earlier reported as being
vulnerable. Also, on the portmaster-radius users lists, people are also
_not_ having any luck exploiting this, yet.
Also, specifically which RadiusNT v2.x revision? The NT RADIUS is
maintained as a separate code base.
>
> So far reported not vulnerable:
>
> Merit 2.4.23C,
> Livingston RADIUS 2.0.1 97/5/22
> Livingstons RADIUS 2.01
> Perl RADIUS module
> MacRADIUS
> ESVA Radius
>
> Reported vulnerable:
>
> Livingston 1.16 to 2.01 (Phillip R. Jaenke)
> RadiusNT v2.x (Phillip R. Jaenke)
> merit radius 2.4.23C (jbeley@puma.sirinet.net)
----
Josh Richards - <jrichard@livingston.com> - [Beta Engineer]
LUCENT Technologies - Remote Access Business Unit
(formerly Livingston Enterprises, Inc.)
http://www.livingston.com/
