
Radiusd-cistron

 
thedark (Second Lieutenant, joined 30 Jul 2005, 1074 posts)
Posted: Thu Aug 04, 2005 12:04 am
Post subject: Radiusd-cistron

Cistron RADIUS is an authentication and accounting system for
terminal servers that speak the RADIUS (Remote Authentication Dial In
User Service) protocol.

David Luyer reported[1] a buffer overflow vulnerability in
radiusd-cistron versions <= 1.6.6 that could allow remote attackers
to cause a denial of service (DoS) and possibly execute arbitrary
code in the server context. The vulnerability resides in the handling
of the NAS-Port attribute, which can be interpreted as a negative
number, causing a buffer overflow.


SOLUTION
All radius-cistron users should upgrade. This update will
automatically restart the service if it is already running.


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/R...70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/S...U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPM...80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRP...U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPM...90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRP...U90_1cl.src.rpm
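
An added illustration of the bug class the advisory above describes, not radiusd-cistron's code and not part of the original post: a 4-octet NAS-Port value (attribute type 5 in RFC 2865) with the top bit set becomes negative when carried in a signed int, and its formatted text then outgrows a field sized for ordinary port numbers. The `%03d` format, `PORT_FIELD_SIZE` and all function names are assumptions made for the example; the sample attribute bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_ATTR_NAS_PORT 5  /* attribute type from RFC 2865 */
#define PORT_FIELD_SIZE 8       /* hypothetical destination size, not from the project */

/* Decode a NAS-Port attribute: type, length (6), 4-octet big-endian value. */
int nas_port_decode(const uint8_t *attr, size_t len, uint32_t *out)
{
    if (len < 6 || attr[0] != RADIUS_ATTR_NAS_PORT || attr[1] != 6)
        return -1;
    *out = ((uint32_t)attr[2] << 24) | ((uint32_t)attr[3] << 16) |
           ((uint32_t)attr[4] << 8) | (uint32_t)attr[5];
    return 0;
}

/* Risky pattern, measured only: characters "%03d" emits when the wire value
 * is carried in a signed int. snprintf(NULL, 0, ...) writes nothing. */
int signed_format_len(uint32_t wire)
{
    int32_t as_signed;
    memcpy(&as_signed, &wire, sizeof as_signed);
    return snprintf(NULL, 0, "%03d", (int)as_signed);
}

/* Hardened form: keep the value unsigned and treat truncation as an error. */
int nas_port_format(uint32_t wire, char *dst, size_t dst_size)
{
    int n = snprintf(dst, dst_size, "%03lu", (unsigned long)wire);
    return (n < 0 || (size_t)n >= dst_size) ? -1 : n;
}

int main(void)
{
    /* Constructed sample attribute: NAS-Port with the top bit set. */
    const uint8_t attr[] = { 5, 6, 0x80, 0x00, 0x00, 0x00 };
    char field[PORT_FIELD_SIZE];
    uint32_t port;

    if (nas_port_decode(attr, sizeof attr, &port) != 0)
        return 1;
    printf("signed view needs %d chars, field holds %d\n",
           signed_format_len(port), PORT_FIELD_SIZE - 1);
    printf("hardened formatter returns %d\n",
           nas_port_format(port, field, sizeof field));
    return 0;
}
```

The signed interpretation needs 11 characters against a 7-character field, while the bounded formatter rejects the value instead of writing past the buffer.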