Open System Consultants Information for VU#936683
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 12 Mar 2002
The current version of Radiator (2.19) is not vulnerable to either of the vulnerabilites reported. No version has ever been vulnerable to VU#589523, and it has not been vulnerable to VU#936683 since version 2.6 (released on 5/4/1998)
More information in our press release at
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.