> Granted, the radiusd source I have is several months old, but has it
> changed that much? The above patch won't apply to my source. Looking
> for a close match for this in the radiusd.c, I found that it looks like
> it belongs at the end of radrespond(authreq, activefd), but that's 500
> lines away. Is this version really out of date:
> radiusd.c 1.17 Copyright 1992 Livingston Enterprises Inc
Yes. I had to find it as well. Its for 1.16 of Livingston.
Just a small memory leak, which wouldn't surface unless
someone was trying to hack in.
> This one would apply no problem...but I'm not sure how easily exploitable
> it really is. Wouldn't this require either knowing the radius secret and
> IP spoofing, or interception of radius packets, editing, and
> retransmission with source spoofing?
Although I haven't looked into this, Livingston boxes did not
send the secret with accounting packets. Therefore in the 1.16
Ref code, if you could spoof a source IP address, you could send
accounting packets to the server. I am not sure whether the new
ComOS signs the packets. I remember reading that it did, but have
run into mixed results of it. Ascends definately do sign the
accounting packets as well.
-- Dale E. Reed Jr. (daler@iea.com) _____________________________________________________________________ Internet Engineering Associates | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea.com/~daler