Red Hat Information for VU#936683
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes
- Vendor Information Help Date Notified: 03 Jan 2002
- Statement Date:
- Date Updated: 20 Feb 2002
We do not ship Cistron radiusd as part of any of our main operating systems. However it was part of our PowerTools add-on software CD from versions 5.2 through 7.1. Thus while not installed by default, some users of Red Hat Linux may be using cistron radiusd, and we will be coordinating a fix.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.