|
|
|
|
|
|
| ISP Resources |
| ISP-Lists ISP Glossary ISP News The List ISPCON Events Free Newsletters |
|
|
|
||
| internet.commerce | ||
|
Partner With Us |
CERT Warns of Two RADIUS Flaws
The Computer Emergency Response Team Coordination Center (CERT/CC) warned of flaws in several implementations of the Remote Authentication Dial In User Service (RADIUS) protocol.
 |
Flaws in a number of implementations of the Remote Authentication Dial In User Service (RADIUS) protocol could allow denial of service attacks and possibly the execution of arbitrary code on vulnerable machines, the Computer Emergency Response Team Coordination Center (CERT/CC) warned Tuesday.
Both of the vulnerabilities CERT reported are remotely executable, but the first of the two—a digest calculation buffer overflow—is more serious, as it could conceivably allow an attacker to execute code on vulnerable machines.
CERT said that during message digest calculation, a string containing a shared secret, is concatenated with a packet received without checking the size of the buffer. This makes it possible for an attacker to overflow the buffer with shared secret data, leading to a denial of service attack. However, if the attacker knows the shared secret—generally an extremely difficult bit of information to uncover—the hacker could use the information to execute arbitrary code with the privileges of the victim RADIUS server or client, usually root.
RADIUS implementations vulnerable to this flaw include:
- Ascend RADIUS versions 1.16 and prior
- Cistron RADIUS versions 1.6.4 and prior
- FreeRADIUS versions 0.3 and prior
- GnuRADIUS versions 0.95 and prior
- ICRADIUS versions 0.18.1 and prior
- Livingston RADIUS versions 2.1 and prior
- RADIUS (commonly known as Lucent RADIUS) versions 2.1 and prior
- RADIUSClient versions 0.3.1 and prior
- YARD RADIUS versions 1.0.19 and prior
- XTRADIUS versions 1.1-pre1 and prior.
There are also a number of RADIUS implementations which do not adequately validate the vendor-length of vendor-specific attributes, CERT said. Using a malformed vendor-specific attribute, an attacker could use this flaw to cause a denial of service attack against RADIUS servers.
Implementations vulnerable to this flaw include:
- Cistron RADIUS versions 1.6.5 and prior
- FreeRADIUS versions 0.3 and prior
- ICRADIUS versions 0.18.1 and prior
- Livingston RADIUS versions 2.1 and prior
- YARD RADIUS 1.0.19 and prior
- XTRADIUS 1.1-pre1 and prior.
CERT suggested that all users of vulnerable RADIUS implementations apply a patch or upgrade to the versions specified by their vendors. CERT also suggested blocking packets to the RADIUS server at the firewall and limiting access to the RADIUS server to those addresses which are approved to authenticate to the RADIUS server.
— End
| Related articles: | ||
| [Feb. 15, 2002] | Battening Down SNMP | |
| [Jan. 10, 2002] | The ISA Wants You | |
| [April 11, 2001] | Defying Double Dippers: Funk Concurrency Server | |
|
|
|
| Best of ISP-Planet | ||
|---|---|---|
|
ISP-Planet
Guide
ISP-Planet's Principal Studies Directories:
Q1 2008 Top U.S. ISPs by Subscriber (Updated 07/22/2008)
ISP-Planet's Blogroll | ||
ISP-Planet's
RSS feed
