Cistron Information for VU#936683
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes
- Date Notified: 30 Jan 2002
- Statement Date:
- Date Updated: 19 Feb 2002
Cistron Radius up to and including 1.6.5 is vulnerable. Today [2/6/02] I have released version 1.6.6, which also fixes (VU#589523). The homepage is http://www.radius.cistron.nl/ on which you can also find the ChangeLog. An announcement to the cistron-radius mailing list was also made today.
So everybody should upgrade to 1.6.6.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.