Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Turbolinux TLSA-2003-32: Radiusd-Cistron DoS

Turbolinux TLSA-2003-32: Radiusd-Cistron DoS

by Nikola Strahija on May 21st, 2003 A vulnerability has been discovered which could allow denial-of-service attacks against Radius servers and clients. On some systems, if the attacker knows the shared secret, it is possible to execute arbitrary code.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-32
http://www.turbolinux.co.jp/security/
[email protected]
--------------------------------------------------------------------------
Original released date : 20 May 2003
Last revised : 20 May 2003
Package : radiusd-cistron
Summary : DoS vulnerabilities in radiusd-cistron
More information :
A failure to check the vendor-length of vendor-specific attributes,
also possibiliting a Denial of Service attack against RADIUS servers.
Impact :
The vulnerabilities allow an attacker can cause a denial of service
of the RADIUS server or client. On some systems, it may also allow the
execution of code, especially if the attacker has knowledge of the
shared secret.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
Solution :
Please use turbopkg tool to apply the update.

Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 e0af031db55bccefa4523722666c8c95
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i586.rpm
151317 bd9fe366fb9669a930297bd355c8e5d4

Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 71e06dd8405bcded482f1d15a1315fc0
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i586.rpm
151372 86716266277a37942bd155bc2acec928

Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 2bfd1b7c7477740bdb6984260922c6a9
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i586.rpm
148916 b44486cc4b932db4d27821614c324b0b

Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 1c00bfc04d9d4d224efbc14201979288
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i586.rpm
149072 f427a5364e412bc1f68297e1a5e3ebe5

Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 c1646022a3643444339098dd9396af42
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i386.rpm
182190 12f689f09fca1549bae3c2a579046a00

Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 78696a053befba34bf22c8fe26012f6a
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i386.rpm
182159 80e72668c4fbbfa0f0b64d2d81be4155

Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 e3341d8f6b16d935ec51fe73e1f4e6de
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i386.rpm
182178 28691f9f7352aba2580ca09687ad77a4
References :
Cistron RADIUS server
[ChangeLog]
http://www.radius.cistron.nl/ChangeLog
CERT Advisory
[CA-2002-06]
http://www.cert.org/advisories/CA-2002-06.html
--------------------------------------------------------------------------
Revision History
20 May 2003 Initial release
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+yZUcK0LzjOqIJMwRAsY4AJ9XUxDWSm5xrgUjOEWCd+eTmP9LcgCfZsiR
0kHgYH1BBvq6jStRLq1sNfo=
=yIZo
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »