Secure Computing Corporation Information for VU#589523

Multiple implementations of the RADIUS protocol contain a digest calculation buffer overflow

Status

Affected

Vendor Statement

Secure Computing has provided updated RADIUS daemons for the following SafeWord systems running on Solaris: SafeWord v5.2, and SafeWord PremierAccess v3.0. The new updated daemon addresses the following vulnerabilities as was reported in the CERT Advisory CA-2002-06:

VU#589523

Previously, the radiusd daemon contained a buffer overflow in the function that calculates the message digest, and the daemon would crash when a secret key of more than 108 characters was entered in the clients file. The new version will now display the following radius debug message when such a key exists:

"ERROR! Calc_digest: Bad secret key in clients file. Length is too long."

The daemon will remain running.

VU#936683

Previously, the radiusd daemon would crash when it received malformed RADIUS packets that included Vendor Specific Attributes with lengths of less than 2 bytes. This version will now display the following radius debug message in this situation:

"Invalid attribute. Invalid length for attribute 26."

The daemon will remain running.

To obtain the new updated RADIUS daemon, please contact Secure Computing Technical Support at 1-800-700-8328.
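As an added illustration of the two checks the vendor statement describes (this is example code written for this page, not Secure Computing's radiusd and not the updated daemon): build_digest_input() assembles the bytes a calc_digest()-style routine hashes for the RFC 2865 Response Authenticator (the response packet followed by the shared secret) and refuses a secret longer than 108 characters instead of copying it past a fixed buffer; validate_attributes() walks the attribute list and rejects any attribute whose Length octet is below 2, which is the Vendor-Specific (type 26) condition described under VU#936683. Only the 108-character limit and the attribute-26 length condition come from the statement above; the function names, buffer sizes and sample packets are assumptions, and the extra checks (declared length versus buffer, attribute running past the packet, VSA minimum Length 7) are taken from RFC 2865 and go slightly beyond what the statement says.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not Secure Computing's code. Sizes are assumptions
 * except where a source is noted. */
#define RADIUS_HDR_LEN       20    /* code, id, length(2), authenticator(16) */
#define RADIUS_MAX_PKT       4096  /* maximum packet length, RFC 2865 section 3 */
#define MAX_SECRET_LEN       108   /* limit stated in the vendor statement */
#define ATTR_VENDOR_SPECIFIC 26    /* RFC 2865 section 5.26, minimum Length 7 */

/* Assemble what a calc_digest()-style routine hashes for the Response
 * Authenticator: the response packet (Request Authenticator in the
 * authenticator field) followed by the shared secret. The reported bug was
 * copying the secret into a fixed buffer with no length check. Returns the
 * number of bytes written to buf, or -1 if the input is rejected. */
int build_digest_input(const uint8_t *pkt, size_t pktlen,
                       const char *secret, uint8_t *buf, size_t bufcap)
{
    size_t slen = strlen(secret);

    if (pktlen < RADIUS_HDR_LEN || pktlen > RADIUS_MAX_PKT)
        return -1;
    if (slen > MAX_SECRET_LEN)          /* bad secret in clients file: refuse, keep running */
        return -1;
    if (pktlen + slen > bufcap)         /* never trust the caller's buffer size either */
        return -1;

    memcpy(buf, pkt, pktlen);
    memcpy(buf + pktlen, secret, slen);
    return (int)(pktlen + slen);        /* caller feeds buf[0..ret) to MD5 */
}

/* Convenience wrapper: try a secret of 'x' repeated secret_len times. */
int digest_input_len_for(const uint8_t *pkt, size_t pktlen, size_t secret_len)
{
    char    secret[RADIUS_MAX_PKT];
    uint8_t buf[RADIUS_MAX_PKT + MAX_SECRET_LEN];

    if (secret_len >= sizeof secret)
        return -1;
    memset(secret, 'x', secret_len);
    secret[secret_len] = '\0';
    return build_digest_input(pkt, pktlen, secret, buf, sizeof buf);
}

/* Walk the attribute list and reject malformed TLVs. An attribute's Length
 * counts its own type and length octets, so a value below 2 is never valid;
 * unchecked, a Length of 0 or 1 leaves a walker that advances by Length
 * stuck or reading past the buffer. Returns the attribute count, or -1 on
 * the first malformed attribute. */
int validate_attributes(const uint8_t *pkt, size_t pktlen)
{
    if (pktlen < RADIUS_HDR_LEN)
        return -1;

    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RADIUS_HDR_LEN || declared > pktlen)
        return -1;                      /* header Length disagrees with the buffer */

    size_t off = RADIUS_HDR_LEN;
    int    count = 0;
    while (off < declared) {
        if (declared - off < 2)
            return -1;                  /* truncated type/length header */
        uint8_t type = pkt[off];
        uint8_t len  = pkt[off + 1];
        if (len < 2)
            return -1;                  /* the VU#936683 shape: e.g. attribute 26 with Length 0 or 1 */
        if (len > declared - off)
            return -1;                  /* value would run past the packet */
        if (type == ATTR_VENDOR_SPECIFIC && len < 7)
            return -1;                  /* no room for Vendor-Id plus a sub-attribute */
        off += len;
        count++;
    }
    return count;
}

/* Constructed sample packets: Access-Request, id 127, sixteen zero bytes
 * standing in for the Request Authenticator, then attributes. */
static const uint8_t good_request[] = {
    0x01, 0x7f, 0x00, 0x22,                                 /* Length 34 */
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    0x01, 0x05, 'b', 'o', 'b',                              /* User-Name = "bob" */
    0x1a, 0x09, 0x00, 0x00, 0x00, 0x09, 0x01, 0x03, 'x'     /* VSA, Vendor-Id 9, one sub-attribute */
};

static const uint8_t bad_request[] = {
    0x01, 0x7f, 0x00, 0x16,                                 /* Length 22 */
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    0x1a, 0x01                                              /* Vendor-Specific with Length 1 */
};

int main(void)
{
    printf("good packet: %d attributes\n", validate_attributes(good_request, sizeof good_request));
    printf("bad packet:  %d (rejected)\n", validate_attributes(bad_request, sizeof bad_request));
    printf("108-char secret: %d bytes to hash\n", digest_input_len_for(good_request, sizeof good_request, 108));
    printf("109-char secret: %d (rejected)\n", digest_input_len_for(good_request, sizeof good_request, 109));
    return 0;
}
```

The point of the two functions is that both faults in the statement are length checks the original code skipped: one on operator-supplied configuration (the shared secret) and one on attacker-supplied packet bytes (the attribute Length octet). Both return an error to the caller so the daemon logs and keeps serving, which is the behaviour the updated daemon is described as having.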

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.