FreeBSD Information for VU#589523
Multiple implementations of the RADIUS protocol contain a digest calculation buffer overflow
- Date Notified: 03 Jan 2002
- Statement Date:
- Date Updated: 20 Feb 2002
FreeBSD versions prior to 4.5-RELEASE (which is shipping today or tomorrow or so) do contain some of the RADIUS packages mentioned below: radiusd-cistron, freeradius, ascend-radius, icradius, and radiusclient.
However, 4.5-RELEASE will not ship with any of these RADIUS packages, except radiusclient. Also, note that the information you [CERT/CC] have forwarded previously indicates that neither Merit RADIUS (radius-basic) nor radiusclient are vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
Note that RADIUSClient is vulnerable and an update was released to address this vulnerability.