Clavister Information for VU#541574
freeRADIUS Server vulnerable to a denial-of-service attack
- Vendor Information Help Date Notified: 05 Oct 2004
- Statement Date:
- Date Updated: 07 Oct 2004
Unknown. If you are the vendor named above, please contact us to update your status.
Clavister: Not vulnerable
Clavister does not integrate freeRADIUS in any of its products. Additionaly, configuring Clavister Firewall to use a freeRADIUS server for AAA does not open up additional attack venues, since none of the affected vendor-specific attributes are used.
Clavister generally recommends that RADIUS servers be placed in a separate network segment where third parties cannot interfere with traffic between access gateways and the RADIUS server.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.