Clavister Information for VU#541574

freeRADIUS Server vulnerable to a denial-of-service attack

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

Clavister: Not vulnerable

Clavister does not integrate freeRADIUS in any of its products. Additionaly, configuring Clavister Firewall to use a freeRADIUS server for AAA does not open up additional attack venues, since none of the affected vendor-specific attributes are used.

Clavister generally recommends that RADIUS servers be placed in a separate network segment where third parties cannot interfere with traffic between access gateways and the RADIUS server.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.