Wind River Systems Information for VU#589523

Multiple implementations of the RADIUS protocol contain a digest calculation buffer overflow

Status

Not Affected

Vendor Statement

The current RADIUS client product from Wind River Systems, WindNet RADIUS 1.1, is not susceptible to VU#936683 and VU#589523 in our internal testing.

VU#936683 - WindNet RADIUS will pass the packet up to the application. The application may need to be aware of the invalid attribute length.

VU#589523 - WindNet RADIUS will drop the packet overflow.

Please contact Wind River support at support@windriver.com or call (800) 458-7767 with any test reports related to VU#936683 and VU#589523.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.