|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Lucent Information for VU#936683
| Date Notified: | 2002-01-30 |
| Date Updated: | |
| Statement Date: | |
| Status Summary: | Vulnerable |
Vendor StatementLucent and Ascend "Free" RADIUS server Product Status
Prior to the Lucent Technologies acquisition of Ascend Communications and Livingston Enterprises, both companies distributed RADIUS servers at no cost to their customers. The initial Livingston server was RADIUS 1.16 followed in June 1999 by RADIUS 2.1. The Ascend server was based on the Livingston 1.16 product with the most recent version being released in June 1998. Lucent Technologies no longer distributes these products, and does not provide any support services for these products.
Both of these products were distributed as-is without warranty, under the BSD "Open Source" license. Under this license, other parties are free to develop and release other products and versions. However, as noted in the license terms, Lucent Technologies can not and does not assume any responsibility for any releases, present or future, based on these products.
Product Patches
Patches designed to specifically address the problems outlined in the CERT bulletins VU#936683 VU#589523 have been made available to the public by Simon Horman . For more information visit ftp://ftp.vergenet.net/pub/radius
Replacement Product
The Lucent Technologies replacement product is NavisRadius 4.x. NavisRadius is a fully supported commercial product. Visit the product web site at http://www.lucentradius.com for more information.
Richard Perlman
NavisRadius Product Management
Network Operations Software
perl@lucent.com Vendor InformationThe vendor has not provided us with any further information regarding this vulnerability.
AddendumPlease note that Lucent purchased both Livingston and Ascend. NavisRadius 4.x is reported as not vulnerable to this vulnerablility.
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
