Alcatel Information for VU#936683
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 02 Apr 2002
Following the recent CERT advisory on security vulnerabilities in various RADIUS implementations, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that the following products are not affected: Omni Switch/Routers, 713x VPN Gateways, A5735 SMC, A5020 SoftSwitch and GGSN. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential RADIUS security vulnerabilities and will provide updates if necessary.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.