Red Hat Information for VU#936683

Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes



Vendor Statement

We do not ship Cistron radiusd as part of any of our main operating systems. However it was part of our PowerTools add-on software CD from versions 5.2 through 7.1. Thus while not installed by default, some users of Red Hat Linux may be using cistron radiusd, and we will be coordinating a fix.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.