• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor Radius Short Vendor-Length Field Denial Of Service Vulnerability

Solution:
TurboLinux has released a security advisory (TLSA-2003-32) containing fixes to address this issue. Users are advised to upgrade using the turbopkg tool.

Vendor fixes available:


FreeRADIUS FreeRADIUS 0.2

• FreeRADIUS freeradius.tar.gz
  ftp://ftp.freeradius.org/pub/radius/freeradius.tar.gz

FreeRADIUS FreeRADIUS 0.3

• FreeRADIUS freeradius.tar.gz
  ftp://ftp.freeradius.org/pub/radius/freeradius.tar.gz

FreeRADIUS FreeRADIUS 0.3

• FreeRADIUS freeradius.tar.gz
  ftp://ftp.freeradius.org/pub/radius/freeradius.tar.gz

OpenRADIUS OpenRADIUS 0.8

• OpenRADIUS openradius-0.9.4.tar.gz
  http://freshmeat.net/redir/openradius/19474/url_tgz/openradius-0.9.4.t ar.gz

OpenRADIUS OpenRADIUS 0.9

• OpenRADIUS openradius-0.9.4.tar.gz
  http://freshmeat.net/redir/openradius/19474/url_tgz/openradius-0.9.4.t ar.gz

OpenRADIUS OpenRADIUS 0.9.1

• OpenRADIUS openradius-0.9.4.tar.gz
  http://freshmeat.net/redir/openradius/19474/url_tgz/openradius-0.9.4.t ar.gz

OpenRADIUS OpenRADIUS 0.9.2

• OpenRADIUS openradius-0.9.4.tar.gz
  http://freshmeat.net/redir/openradius/19474/url_tgz/openradius-0.9.4.t ar.gz

OpenRADIUS OpenRADIUS 0.9.3

• OpenRADIUS openradius-0.9.4.tar.gz
  http://freshmeat.net/redir/openradius/19474/url_tgz/openradius-0.9.4.t ar.gz

GNU Radius 0.92.1

• GNU GNU Radius 0.96
  ftp://ftp.gnu.org/gnu/radius/

GNU Radius 0.93

• GNU GNU Radius 0.96
  ftp://ftp.gnu.org/gnu/radius/

GNU Radius 0.94

• GNU GNU Radius 0.96
  ftp://ftp.gnu.org/gnu/radius/

GNU Radius 0.95

• GNU GNU Radius 0.96
  ftp://ftp.gnu.org/gnu/radius/

Yard RADIUS Yard RADIUS 1.0.16

• Yard RADIUS yardradius-1.0.20.tar.gz
  http://prdownloads.sourceforge.net/yardradius/yardradius-1.0.20.tar.gz

Yard RADIUS Yard RADIUS 1.0.17

• Yard RADIUS yardradius-1.0.20.tar.gz
  http://prdownloads.sourceforge.net/yardradius/yardradius-1.0.20.tar.gz

Yard RADIUS Yard RADIUS 1.0.18

• Yard RADIUS yardradius-1.0.20.tar.gz
  http://prdownloads.sourceforge.net/yardradius/yardradius-1.0.20.tar.gz

Yard RADIUS Yard RADIUS 1.0.19

• Yard RADIUS yardradius-1.0.20.tar.gz
  http://prdownloads.sourceforge.net/yardradius/yardradius-1.0.20.tar.gz

XTRadius XTRadius 1.1 -pre2

• XTRadius xtradius-1.2.1beta.tgz
  http://prdownloads.sourceforge.net/xtradius/xtradius-1.2.1beta.tgz

XTRadius XTRadius 1.1 -pre1

• XTRadius xtradius-1.2.1beta.tgz
  http://prdownloads.sourceforge.net/xtradius/xtradius-1.2.1beta.tgz

Miquel van Smoorenburg Cistron Radius 1.6 .0

• Cistron RADIUS Cistron RADIUS 1.6.6
  http://www.radius.cistron.nl/

Miquel van Smoorenburg Cistron Radius 1.6.1

• Cistron RADIUS Cistron RADIUS 1.6.6
  http://www.radius.cistron.nl/


• Conectiva radiusd-cistron-1.6.6-1U50_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/5.0/i386/radiusd-cistron-1.6.6 -1U50_1cl.i386.rpm


• Conectiva radiusd-cistron-1.6.6-1U50_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/5.0/i386/rad iusd-cistron-1.6.6-1U50_1cl.i386.rpm


• Conectiva radiusd-cistron-1.6.6-1U50_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/5.0/i386/radi usd-cistron-1.6.6-1U50_1cl.i386.rpm


• Conectiva radiusd-cistron-1.6.6-1U51_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/5.1/i386/radiusd-cistron-1.6.6 -1U51_1cl.i386.rpm


• Conectiva radiusd-cistron-1.6.6-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/6.0/RPMS/radiusd-cistron-1.6.6 -1U60_1cl.i386.rpm

Miquel van Smoorenburg Cistron Radius 1.6.2

• Cistron RADIUS Cistron RADIUS 1.6.6
  http://www.radius.cistron.nl/


• SuSE cistron-1.6.2-20.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/6.4/n2/cistron-1.6.2-20.alpha.r pm


• SuSE cistron-1.6.2-21.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n2/cistron-1.6.2-21.ppc.rpm


• SuSE cistron-1.6.2-25.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/6.4/n2/cistron-1.6.2-25.i386.r pm

Miquel van Smoorenburg Cistron Radius 1.6.3

• Cistron RADIUS Cistron RADIUS 1.6.6
  http://www.radius.cistron.nl/


• Conectiva radiusd-cistron-1.6.6-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/7.0/RPMS/radiusd-cistron-1.6.6 -1U70_1cl.i386.rpm


• SuSE cistron-1.6.3-4.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n2/cistron-1.6.3-4.sparc. rpm


• SuSE cistron-1.6.3-76.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/n2/cistron-1.6.3-76.i386.r pm


• SuSE cistron-1.6.3-8.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.0/n2/cistron-1.6.3-8.alpha.rp m


• SuSE cistron-1.6.3-85.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n2/cistron-1.6.3-85.ppc.rpm

Miquel van Smoorenburg Cistron Radius 1.6.4

• Cistron RADIUS Cistron RADIUS 1.6.6
  http://www.radius.cistron.nl/


• SuSE radiusd-cistron-1.6.4-167.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n3/radiusd-cistron-1.6.4-1 67.i386.rpm


• SuSE radiusd-cistron-1.6.4-168.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/n3/radiusd-cistron-1.6.4-1 68.i386.rpm


• SuSE radiusd-cistron-1.6.4-168.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/radiusd-cistron-1.6.4-1 68.i386.rpm


• SuSE radiusd-cistron-1.6.4-65.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n3/radiusd-cistron-1.6.4- 65.sparc.rpm


• SuSE radiusd-cistron-1.6.4-65.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n3/radiusd-cistron-1.6.4- 65.sparc.rpm


• SuSE radiusd-cistron-1.6.4-69.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/n3/radiusd-cistron-1.6.4-69 .alpha.rpm


• SuSE radiusd-cistron-1.6.4-95.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n3/radiusd-cistron-1.6.4-95 .ppc.rpm


• SuSE radiusd-cistron-1.6.4-95.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n3/radiusd-cistron-1.6.4-95 .ppc.rpm

Miquel van Smoorenburg Cistron Radius 1.6.5

• Cistron RADIUS Cistron RADIUS 1.6.6
  http://www.radius.cistron.nl/


• FreeBSD radiusd-cistron-1.6.6.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/rad iusd-cistron-1.6.6.tgz


• Red Hat radiusd-cistron-1.6.6-2.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/radiusd-cistron-1.6.6 -2.alpha.rpm


• Red Hat radiusd-cistron-1.6.6-2.alpha.rpm
  ftp://updates.redhat.com/7.1/en/powertools/alpha/radiusd-cistron-1.6.6 -2.alpha.rpm


• Red Hat radiusd-cistron-1.6.6-2.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/radiusd-cistron-1.6.6- 2.i386.rpm


• Red Hat radiusd-cistron-1.6.6-2.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/radiusd-cistron-1.6.6- 2.i386.rpm