Re: RADIUS (Summary)

Dave Stewart (dbs@HOM.NET)
Sun, 22 Feb 1998 17:04:06 -0500

At 01:07 PM 2/22/98 -0600, Aleph One wrote:
>This is a summary of reports about the radius vulnerability that
>Phillip R. Jaenke reported. Giving the large number of people that
>have reported that they are not vulnerable I must wonder what is
>unique in Phillip's environment that is causing this. Only one person
>reported Merit RADIUS being vulnerable and that has not been
>confirmed yet.
>
>So far reported not vulnerable:
>
>Merit 2.4.23C,
>Livingston RADIUS 2.0.1 97/5/22
>Livingstons RADIUS 2.01
>Perl RADIUS module
>MacRADIUS
>ESVA Radius
>
>Reported vulnerable:
>
>Livingston 1.16 to 2.01 (Phillip R. Jaenke)
>RadiusNT v2.x (Phillip R. Jaenke)
>merit radius 2.4.23C (jbeley@puma.sirinet.net)

To explain further -

Any RADIUS that's based on Livingston RADIUS 2.0 and higher should be
checking for a space in the username, and automatically rejecting the login
attempt.

I'm running Livingston RADIUS 2.01 under Solaris 2.4 (on a Sparc 10) and
under Solaris 2.5 on a Sparc 2. ANY username containing a space causes the
daemon to send a reject to the terminal server.

I've tried to recreate Phillip's bug report from my Cisco 2511 terminal
servers and my Portmaster 3 terminal servers - I can't do it. No matter
how many spaces I include anywhere in the username, the RADIUS daemon
behaves exactly as expected and returns a reject to the terminal server,
while logging the reject and indicating that it found a space in the username.

I'm with Aleph One on this one... there simply must be something else in
the environment that's causing the daemon to crash.

Dave Stewart
System Manager
Homenet Communications, Inc.
==========================================================
PGP Public Key located at:

http://www.hom.net/~dbs/dbspub.txt
Or the MIT Public key server
==========================================================
Mirabilis ICQ UIN - 4982852