Wind River Systems Information for VU#936683
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes
- Vendor Information Help Date Notified: 03 Jan 2002
- Statement Date:
- Date Updated: 04 Mar 2002
The current RADIUS client product from Wind River Systems, WindNet RADIUS 1.1, is not susceptible to VU#936683 and VU#589523 in our internal testing.
VU#936683 - WindNet RADIUS will pass the packet up to the application. The application may need to be aware of the invalid attribute length.
VU#589523 - WindNet RADIUS will drop the packet overflow.
Please contact Wind River support at firstname.lastname@example.org or call (800) 458-7767 with any test reports related to VU#936683 and VU#589523.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.