Secure Computing Corporation Information for VU#936683

Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes



Vendor Statement

Secure Computing has provided updated RADIUS daemons for the following SafeWord systems running on Solaris: SafeWord v5.2, and SafeWord PremierAccess v3.0. The new updated daemon addresses the following vulnerabilities as was reported in the CERT Advisory CA-2002-06:


Previously, the radiusd daemon contained a buffer overflow in the function that calculates message digest, and the daemon would crash when a secret key of more than 108
characters was entered in the clients file. The new version will now display the following radius debug message when such a key exists:

    "ERROR! Calc_digest: Bad secret key in clients file. Length is too long."

The daemon will remain running.


Previously, the radiusd daemon would crash when malformed RADIUS packets that included Vendor Specific Attributes of lengths of less than 2 bytes. This version will now display the following radius debug message in this situation:
    "Invalid attribute. Invalid length for attribute 26."

The daemon will remain running.

To obtain the new updated RADIUS daemon, please contact Secure Computing Technical support at 1-800-700-8328

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.