The OpenNET Project
 


Serious bug in "radius" dialup authentication software


X-RDate: Mon, 23 Feb 1998 10:21:15 +0500 (ESK)
Date: Fri, 20 Feb 1998 21:02:53 -0500
From: "Phillip R. Jaenke" <[email protected]>
To: [email protected]
Subject: Serious bug in "radius" dialup authentication software

At work, we've discovered a *SERIOUS* bug in the "radius" dialup
authentication software.

Affected Platforms:
WindowsNT (RadiusNT)
Linux
Solaris (x86)
BSDi
NetBSD
OpenBSD
FreeBSD

Problem:
If a user appends a certain amount of spaces after their username, Radius
will crash, keeping users from logging in. We have been unable to
determine the number of spaces, but it is above 5, and below the 'magic
128' as we call it. I'd estimate it at around 32 spaces.

Effects:
100% of the time, Radius will crash. All platforms are affected. Multiple
servers do not negate these effects, as most terminal servers, when the
primary radius authentication server is not there, will switch over to the
next one, which will get the same username, and crash, locking all
customers out. This appears to affect ALL platforms, be it WindowsNT or a
form of unix. It appears to be a bug in radius itself.

A coworker has contacted the radius mailing lists. As soon as a fix is
known, I will post it here.

--Phillip R. Jaenke ([email protected] | [email protected])
Primary Developer, The Improvement Linux Project
Core Team Member, The Cyberian RC5 Effort - http://www.cyberian.org/
AKA Kaeyerai (Rediscovery) of MasterTechnoMonster
Ketyra Designs, Inc. - Imagine Transmeta sans Linus. That's us. :)
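
The post does not say why the padded username crashes the server. The following added example, which is not code from the post or from any RADIUS implementation, shows defensive handling of the User-Name attribute of an Access-Request: every length is validated before use, and trailing spaces are counted and stripped before a bounded copy. The function name, the 63-byte limit and the sample packet are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 20        /* code(1) id(1) length(2) authenticator(16) */
#define USER_NAME 1   /* attribute type of User-Name */
#define USER_MAX 63   /* assumed local policy limit, not a value from the post */

/* Copies User-Name into out without its trailing spaces; *padded = spaces dropped.
 * Returns trimmed length, -1 malformed packet, -2 no User-Name, -3 name too long. */
int radius_user_name(const uint8_t *pkt, size_t n, char out[USER_MAX + 1], int *padded)
{
    if (n < HDR) return -1;
    size_t plen = ((size_t)pkt[2] << 8) | pkt[3];
    if (plen < HDR || plen > n) return -1;             /* length field must fit datagram */
    for (size_t off = HDR; off < plen; off += pkt[off + 1]) {
        if (plen - off < 2) return -1;                 /* truncated attribute header */
        size_t alen = pkt[off + 1];
        if (alen < 2 || alen > plen - off) return -1;  /* attribute overruns packet */
        if (pkt[off] != USER_NAME) continue;
        const uint8_t *v = pkt + off + 2;
        size_t vlen = alen - 2, t = vlen;
        while (t > 0 && v[t - 1] == ' ') t--;          /* strip padding before copying */
        if (t > USER_MAX) return -3;                   /* bound checked before memcpy */
        memcpy(out, v, t);
        out[t] = '\0';
        *padded = (int)(vlen - t);
        return (int)t;
    }
    return -2;
}

/* Constructed sample: Access-Request (code 1), User-Name "alice" + 8 spaces. */
static const uint8_t SAMPLE[] = {
    1, 42, 0, 35, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,   /* header, zero authenticator */
    1, 15, 'a','l','i','c','e',' ',' ',' ',' ',' ',' ',' ',' ' };

int main(void)
{
    char name[USER_MAX + 1];
    int padded = 0;
    int rc = radius_user_name(SAMPLE, sizeof SAMPLE, name, &padded);
    printf("rc=%d name=\"%s\" trailing_spaces=%d\n", rc, rc >= 0 ? name : "", padded);
    return rc < 0;
}
```

A non-zero `padded` value is worth logging with the NAS address, since a legitimate dialup client has no reason to send a padded username.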
