• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cistron RADIUS Remote Signed NAS-Port Number Expansion Memory Corruption Vulnerability

Solution:
Conectiva has released a security advisory (CLA-2003:664) containing fixes to address this issue. Users are advised to upgrade as soon as possible. Fixes are listed below.

SuSE has released a security advisory (SuSE-SA:2003:030) containing fixes to address this issue. Users are advised to upgrade as soon as possible. Further information regarding how to obtain and apply fixes can be found in the attached advisory.

Cistron RADIUS 1.6.7 is currently under development and will address this issue.

Debian has released advisory DSA 321-1 with fixes to address this issue. See referenced advisory for additional information.

Gentoo has released fixes to address this issue. The associated advisory contains the following information:

It is recommended that all Gentoo Linux users who are running
net-dialup/cistronradius upgrade to cistronradius-1.6.6-r1 as follows

emerge sync
emerge cistronradius
emerge clean


Miquel van Smoorenburg Cistron Radius 1.6.4

• SuSE radiusd-cistron-1.6.4-108.ppc.rpm
  PPC Power PC Platform
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n3/radiusd-cistron-1.6.4-10 8.ppc.rpm


• SuSE radiusd-cistron-1.6.4-182.i386.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n3/radiusd-cistron-1.6.4-1 82.i386.rpm


• SuSE radiusd-cistron-1.6.4-182.i386.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/radiusd-cistron-1.6.4-1 82.i386.rpm


• SuSE radiusd-cistron-1.6.4-70.sparc.rpm
  Sparc Platform
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n3/radiusd-cistron-1.6.4- 70.sparc.rpm

Miquel van Smoorenburg Cistron Radius 1.6.6

• Conectiva radiusd-cistron-1.6.6-13419U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/radiusd-cistron-1.6.6-13419 U90_1cl.i386.rpm


• Conectiva radiusd-cistron-1.6.6-13419U90_1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/9/SRPMS/radiusd-cistron-1.6.6-1341 9U90_1cl.src.rpm


• Conectiva radiusd-cistron-1.6.6-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/radiusd-cistron-1.6.6-1U7 0_2cl.i386.rpm


• Conectiva radiusd-cistron-1.6.6-1U70_2cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/radiusd-cistron-1.6.6-1U 70_2cl.src.rpm


• Conectiva radiusd-cistron-1.6.6-5U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/radiusd-cistron-1.6.6-5U80_ 1cl.i386.rpm


• Conectiva radiusd-cistron-1.6.6-5U80_1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/8/SRPMS/radiusd-cistron-1.6.6-5U80 _1cl.src.rpm


• Debian radiusd-cistron_1.6.6-1woody1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_alpha.deb


• Debian radiusd-cistron_1.6.6-1woody1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_arm.deb


• Debian radiusd-cistron_1.6.6-1woody1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_hppa.deb


• Debian radiusd-cistron_1.6.6-1woody1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_i386.deb


• Debian radiusd-cistron_1.6.6-1woody1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_ia64.deb


• Debian radiusd-cistron_1.6.6-1woody1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_m68k.deb


• Debian radiusd-cistron_1.6.6-1woody1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_mips.deb


• Debian radiusd-cistron_1.6.6-1woody1_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_mipsel.deb


• Debian radiusd-cistron_1.6.6-1woody1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_powerpc.deb


• Debian radiusd-cistron_1.6.6-1woody1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_s390.deb


• Debian radiusd-cistron_1.6.6-1woody1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd -cistron_1.6.6-1woody1_sparc.deb


• SuSE radiusd-cistron-1.6.6-88.i386.patch.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/radiusd-cistron-1.6.6-8 8.i386.patch.rpm


• SuSE radiusd-cistron-1.6.6-88.i386.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/radiusd-cistron-1.6.6-8 8.i386.rpm