CERT Warns of Flaws In RADIUS Implementations

Published by: smith 2008-11-20

Flaws in a number of implementations of the Remote Authentication Dial In User Service (RADIUS) protocol could allow denial of service attacks and possibly the execution of arbitrary code on vulnerable machines, the Computer Emergency Response Team Coordination Center (CERT/CC) warned Tuesday.

Both of the vulnerabilities CERT reported are remotely exploitable, but the first of the two -- a buffer overflow in the message digest calculation -- is more serious, as it could conceivably allow an attacker to execute code on vulnerable machines.

CERT said that during message digest calculation, the shared secret is concatenated onto a received packet without checking the size of the destination buffer. This makes it possible for an attacker to overflow the buffer with shared secret data, leading to a denial of service. However, if the attacker knows the shared secret -- generally an extremely difficult bit of information to uncover -- the attacker could use it to execute arbitrary code with the privileges of the victim RADIUS server or client, usually root.

RADIUS implementations vulnerable to this flaw include:

  • Ascend RADIUS versions 1.16 and prior
  • Cistron RADIUS versions 1.6.4 and prior
  • FreeRADIUS versions 0.3 and prior
  • GnuRADIUS versions 0.95 and prior
  • ICRADIUS versions 0.18.1 and prior
  • Livingston RADIUS versions 2.1 and prior
  • RADIUS (commonly known as Lucent RADIUS) versions 2.1 and prior
  • RADIUSClient versions 0.3.1 and prior
  • YARD RADIUS versions 1.0.19 and prior
  • XTRADIUS versions 1.1-pre1 and prior.

There are also a number of RADIUS implementations which do not adequately validate the vendor-length field of vendor-specific attributes, CERT said. By sending a malformed vendor-specific attribute, an attacker could use this flaw to cause a denial of service against RADIUS servers.
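Both flaws described above come down to using a length before checking it against the bytes actually present: the digest code trusts the packet length when it appends the shared secret, and the attribute code trusts the vendor-length inside a Vendor-Specific attribute. The following is an added example, not code from the article or from any of the RADIUS implementations it lists, showing how a server can parse a RADIUS packet defensively and compute the Response Authenticator without ever building the packet-plus-secret buffer that overflowed. The field layout, the 20..4096 octet packet bounds and the Vendor-Specific attribute format follow RFC 2865; the sample packets, the shared secret and the use of enterprise number 32473 (the value IANA reserves for documentation) are constructed for this demonstration.

```python
"""Defensive RADIUS packet parsing and Response Authenticator calculation.

Added example written for this article; it is not the code of any listed
RADIUS implementation. Layout constants follow RFC 2865; sample traffic at
the bottom is constructed, not captured from a real deployment.
"""
import hashlib
import hmac
import struct

RADIUS_HEADER_LEN = 20        # Code(1) Identifier(1) Length(2) Authenticator(16)
RADIUS_MAX_LEN = 4096         # RFC 2865 section 3: Length field maximum
ATTR_USER_NAME = 1
ATTR_REPLY_MESSAGE = 18
ATTR_VENDOR_SPECIFIC = 26
DOC_ENTERPRISE_NUMBER = 32473  # reserved for documentation (RFC 5612)


class RadiusFormatError(ValueError):
    """Raised for any packet the server should drop instead of process."""


def parse_vsa(value: bytes) -> dict:
    """Validate a Vendor-Specific attribute: Vendor-Id(4), then sub-attributes
    of Vendor-Type(1) Vendor-Length(1) Vendor-Data. Vendor-Length covers the
    type and length octets too, so it must be >= 2 and must stay inside the
    enclosing attribute; this is the check the advisory says was missing."""
    if len(value) < 4 + 2:
        raise RadiusFormatError("VSA too short for Vendor-Id and a sub-attribute")
    vendor_id = struct.unpack("!I", value[:4])[0]
    subattrs, pos = [], 4
    while pos < len(value):
        if len(value) - pos < 2:
            raise RadiusFormatError("truncated VSA sub-attribute header")
        vtype, vlen = value[pos], value[pos + 1]
        if vlen < 2 or pos + vlen > len(value):
            raise RadiusFormatError(f"vendor-length {vlen} invalid in VSA {vendor_id}")
        subattrs.append((vtype, value[pos + 2:pos + vlen]))
        pos += vlen
    return {"vendor_id": vendor_id, "subattrs": subattrs}


def parse_packet(data: bytes) -> dict:
    """Parse header and attributes, checking every length field against the
    octets actually received before it is used for anything."""
    if len(data) < RADIUS_HEADER_LEN:
        raise RadiusFormatError("packet shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < RADIUS_HEADER_LEN or length > RADIUS_MAX_LEN:
        raise RadiusFormatError(f"Length field {length} outside 20..4096")
    if length > len(data):
        raise RadiusFormatError("Length field exceeds octets received")
    attrs, pos = [], RADIUS_HEADER_LEN
    while pos < length:                      # octets past Length are padding
        if length - pos < 2:
            raise RadiusFormatError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise RadiusFormatError(f"attribute {atype} has bad length {alen}")
        value = data[pos + 2:pos + alen]
        attrs.append((atype, parse_vsa(value) if atype == ATTR_VENDOR_SPECIFIC else value))
        pos += alen
    return {"code": code, "id": ident, "length": length,
            "authenticator": data[4:20], "attrs": attrs, "raw": data[:length]}


def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 3.
    The secret goes to the hash as its own update(); it is never appended to
    a packet buffer, so there is no concatenation buffer left to overflow."""
    length = RADIUS_HEADER_LEN + len(attrs)
    if length > RADIUS_MAX_LEN:
        raise RadiusFormatError("response would exceed 4096 octets")
    h = hashlib.md5()
    h.update(struct.pack("!BBH", code, ident, length))
    h.update(request_auth)
    h.update(attrs)
    h.update(secret)
    return h.digest()


def verify_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client-side check of a reply's Response Authenticator (constant-time compare)."""
    pkt = parse_packet(response)
    expected = response_authenticator(pkt["code"], pkt["id"], pkt["raw"][20:],
                                      request_auth, secret)
    return hmac.compare_digest(expected, pkt["authenticator"])


def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, RADIUS_HEADER_LEN + len(attrs)) + authenticator + attrs


def build_vsa(vendor_id: int, vtype: int, data: bytes) -> bytes:
    value = struct.pack("!I", vendor_id) + bytes([vtype, 2 + len(data)]) + data
    return bytes([ATTR_VENDOR_SPECIFIC, 2 + len(value)]) + value


# Constructed sample traffic for the demonstration.
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))
ACCESS_REQUEST = build_packet(1, 7, REQUEST_AUTH,
                              bytes([ATTR_USER_NAME, 7]) + b"alice"
                              + build_vsa(DOC_ENTERPRISE_NUMBER, 1, b"example-data"))
ACCEPT_ATTRS = bytes([ATTR_REPLY_MESSAGE, 9]) + b"Welcome"
ACCESS_ACCEPT = build_packet(2, 7, response_authenticator(2, 7, ACCEPT_ATTRS, REQUEST_AUTH, SECRET),
                             ACCEPT_ATTRS)
VSA_HDR = bytes([ATTR_VENDOR_SPECIFIC, 8]) + struct.pack("!I", DOC_ENTERPRISE_NUMBER)
MALFORMED = {
    "vsa_vendor_length_zero": build_packet(1, 8, REQUEST_AUTH, VSA_HDR + bytes([1, 0])),
    "vsa_vendor_length_past_end": build_packet(1, 9, REQUEST_AUTH, VSA_HDR + bytes([1, 200])),
    "length_field_over_4096": ACCESS_REQUEST[:2] + struct.pack("!H", 4097) + ACCESS_REQUEST[4:],
    "length_field_past_data": ACCESS_REQUEST[:2] + struct.pack("!H", 100) + ACCESS_REQUEST[4:],
}


def demo() -> dict:
    """Run the checks over the constructed samples and report what happened."""
    results = {}
    pkt = parse_packet(ACCESS_REQUEST)
    results["request_attrs"] = len(pkt["attrs"])
    results["vsa_vendor"] = pkt["attrs"][1][1]["vendor_id"]
    results["accept_verifies"] = verify_response(ACCESS_ACCEPT, REQUEST_AUTH, SECRET)
    results["wrong_secret_verifies"] = verify_response(ACCESS_ACCEPT, REQUEST_AUTH, b"other")
    for name, bad in MALFORMED.items():
        try:
            parse_packet(bad)
            results[name] = "accepted"
        except RadiusFormatError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The malformed samples exercise exactly the two conditions in the advisory: a Vendor-Specific attribute whose vendor-length is zero or runs past the enclosing attribute, and a packet whose Length field does not match the octets received or exceeds the protocol maximum. All four are rejected before any attribute value or digest computation touches them, while the well-formed request parses and the Access-Accept verifies only under the correct shared secret.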

Implementations vulnerable to this flaw include:

  • Cistron RADIUS versions 1.6.5 and prior
  • FreeRADIUS versions 0.3 and prior
  • ICRADIUS versions 0.18.1 and prior
  • Livingston RADIUS versions 2.1 and prior
  • YARD RADIUS 1.0.19 and prior
  • XTRADIUS 1.1-pre1 and prior.

CERT suggested that all users of vulnerable RADIUS implementations apply a patch or upgrade to the versions specified by their vendors. CERT also suggested blocking packets to the RADIUS server at the firewall and restricting access to the RADIUS server to those addresses that are approved to authenticate to it.

