US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Secure Computing Corporation Information for VU#589523

Date Notified
Date Modified04/20/2002 06:17:45 PM
Status SummaryVulnerable

Vendor Statement

Secure Computing has provided updated RADIUS daemons for the following SafeWord systems running on Solaris: SafeWord v5.2, and SafeWord PremierAccess v3.0. The new updated daemon addresses the following vulnerabilities as was reported in the CERT Advisory CA-2002-06:

VU#589523

Previously, the radiusd daemon contained a buffer overflow in the function that calculates message digest, and the daemon would crash when a secret key of more than 108
characters was entered in the clients file. The new version will now display the following radius debug message when such a key exists:

"ERROR! Calc_digest: Bad secret key in clients file. Length is too long."

The daemon will remain running.

VU#936683

Previously, the radiusd daemon would crash when malformed RADIUS packets that included Vendor Specific Attributes of lengths of less than 2 bytes. This version will now display the following radius debug message in this situation:

"Invalid attribute. Invalid length for attribute 26."

The daemon will remain running.

To obtain the new updated RADIUS daemon, please contact Secure Computing Technical support at 1-800-700-8328

US-CERT Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information