YARD RADIUS Information for VU#936683
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes
- Vendor Information Help Date Notified: 30 Jan 2002
- Statement Date:
- Date Updated: 20 Feb 2002
Current version 1.0.19 of Yardradius (which is derived from Lucent 2.1) seems suffering both the problems. I think I will release a new version (1.0.20) which solves those buffer overflows before your suggested date [3/4/2002].
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.