Re: RADIUSD: Big security holes

Dave Kennedy (davek@muscle.net)
Wed, 4 Sep 1996 08:27:49 -0400 (EDT)

Kevin Kadow writes...
> I assume everybody is aware of the _NEW_ buffer overflow security hole
> in radiusd? Last week's just invoked a memory leak to eventually crash
> the server, this one is a full-fledged root hole.

Thanks for the info. I've applied the patch.

> Although RDIST suggests running 'radiusd' chroot, chroot is not a
> panacea for security holes that yield root. Ideally the program would
> bind the radius and radacct ports, chroot, then run setuid as a unique,
> unprivileged user (like some HTTPDs), preferably a user that isn't
> allowed to rlogin... (see why below).

I don't run radiusd as setuid on my system where most buffer overflow
issues arise. Is this hole exploitable over the network? By writing
"executable" data that adds an entry to the password file or something
like that?

Unfortunately, my imagination isn't what it used to be. :) I don't see
how this would be exploitable over a network.

-- 
| Dave Kennedy (davek@muscle.net)             Voice: 770-368-1514 |
| Multi-User Systems, Inc.      Putting MUSCLE in Internet Access |