Lucent Information for VU#589523

Prior to the Lucent Technologies acquisition of Ascend Communications and Livingston Enterprises, both companies distributed RADIUS servers at no cost to their customers. The initial Livingston server was RADIUS 1.16 followed in June 1999 by RADIUS 2.1. The Ascend server was based on the Livingston 1.16 product with the most recent version being released in June 1998. Lucent Technologies no longer distributes these products, and does not provide any support services for these products.

Both of these products were distributed as-is without warranty, under the BSD "Open Source" license. Under this license, other parties are free to develop and release other products and versions. However, as noted in the license terms, Lucent Technologies can not and does not assume any responsibility for any releases, present or future, based on these products.

Product Patches

Patches designed to specifically address the problems outlined in the CERT bulletins VU#936683 VU#589523 have been made available to the public by Simon Horman . For more information visit ftp://ftp.vergenet.net/pub/radius

Replacement Product

The Lucent Technologies replacement product is NavisRadius 4.x. NavisRadius is a fully supported commercial product. Visit the product web site at http://www.lucentradius.com for more information.

Richard Perlman
NavisRadius Product Management
Network Operations Software
perl@lucent.com

US-CERT Addendum

If you have feedback, comments, or additional information about this vulnerability, please send us email.