Open System Consultants Information for VU#936683

Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes

Status

Affected

Vendor Statement

The current version of Radiator (2.19) is not vulnerable to either of the vulnerabilites reported. No version has ever been vulnerable to VU#589523, and it has not been vulnerable to VU#936683 since version 2.6 (released on 5/4/1998)

More information in our press release at

http://www.open.com.au/press.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.