--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-32
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date : 20 May 2003
Last revised : 20 May 2003
Package : radiusd-cistron
Summary : DoS vulnerabilities in radiusd-cistron
More information :
A failure to check the vendor-length of vendor-specific attributes
also makes a Denial of Service attack against RADIUS servers possible.
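Added example (not part of the Turbolinux advisory and not Cistron's code): the kind of bounds check on the vendor-length field that the paragraph above says was missing, assuming the RFC 2865 Vendor-Specific layout with sub-attributes. The function name vsa_validate, the status codes and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PW_VENDOR_SPECIFIC 26 /* RFC 2865 attribute type */

enum vsa_status { VSA_OK = 0, VSA_TRUNCATED = -1, VSA_NOT_VSA = -2,
                  VSA_BAD_ATTR_LEN = -3, VSA_BAD_VENDOR_LEN = -4 };

/* Constructed samples: Type, Length, Vendor-Id(4), Vendor-Type, Vendor-Length, data */
static const uint8_t sample_ok[]    = {26, 10, 0, 0, 0, 9, 1, 4, 'h', 'i'};
static const uint8_t sample_short[] = {26, 10, 0, 0, 0, 9, 1, 1, 'h', 'i'};
static const uint8_t sample_long[]  = {26, 10, 0, 0, 0, 9, 1, 200, 'h', 'i'};

/* Validate one Vendor-Specific attribute; avail = bytes left in the packet. */
enum vsa_status vsa_validate(const uint8_t *buf, size_t avail)
{
    if (avail < 2)
        return VSA_TRUNCATED;
    if (buf[0] != PW_VENDOR_SPECIFIC)
        return VSA_NOT_VSA;
    size_t attr_len = buf[1];
    if (attr_len < 7)              /* 2 header + 4 Vendor-Id + at least 1 octet */
        return VSA_BAD_ATTR_LEN;
    if (attr_len > avail)          /* attribute claims more than was received */
        return VSA_TRUNCATED;

    size_t pos = 6;                /* first sub-attribute follows the Vendor-Id */
    while (pos < attr_len) {
        size_t left = attr_len - pos;
        if (left < 2)              /* no room for Vendor-Type + Vendor-Length */
            return VSA_BAD_VENDOR_LEN;
        size_t vlen = buf[pos + 1];
        /* vlen counts its own 2-octet header: below 2, (vlen - 2) wraps to a
         * huge unsigned copy length; above left, it reads past the attribute. */
        if (vlen < 2 || vlen > left)
            return VSA_BAD_VENDOR_LEN;
        pos += vlen;
    }
    return VSA_OK;
}

int main(void)
{
    printf("ok=%d short=%d long=%d\n",
           vsa_validate(sample_ok, sizeof sample_ok),
           vsa_validate(sample_short, sizeof sample_short),
           vsa_validate(sample_long, sizeof sample_long));
    return 0;
}
```

A parser should run a check like this before any copy that uses the vendor-length value, and drop the packet on any non-zero status.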
Impact :
The vulnerabilities allow an attacker to cause a denial of service
of the RADIUS server or client. On some systems, they may also allow the
execution of code, especially if the attacker has knowledge of the
shared secret.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
Solution :
Please use the turbopkg tool to apply the update.
<Turbolinux 8 Server>
Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 e0af031db55bccefa4523722666c8c95
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i586.rpm
151317 bd9fe366fb9669a930297bd355c8e5d4
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 71e06dd8405bcded482f1d15a1315fc0
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i586.rpm
151372 86716266277a37942bd155bc2acec928
<Turbolinux 7 Server>
Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 2bfd1b7c7477740bdb6984260922c6a9
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i586.rpm
148916 b44486cc4b932db4d27821614c324b0b
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 1c00bfc04d9d4d224efbc14201979288
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i586.rpm
149072 f427a5364e412bc1f68297e1a5e3ebe5
<Turbolinux Server 6.5>
Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 c1646022a3643444339098dd9396af42
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i386.rpm
182190 12f689f09fca1549bae3c2a579046a00
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 78696a053befba34bf22c8fe26012f6a
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i386.rpm
182159 80e72668c4fbbfa0f0b64d2d81be4155
<Turbolinux Server 6.1>
Source Packages
Size : MD5
radiusd-cistron-1.6.6-4.src.rpm
205214 e3341d8f6b16d935ec51fe73e1f4e6de
Binary Packages
Size : MD5
radiusd-cistron-1.6.6-4.i386.rpm
182178 28691f9f7352aba2580ca09687ad77a4
References :
Cistron RADIUS server
[ChangeLog]
http://www.radius.cistron.nl/ChangeLog
CERT Advisory
[CA-2002-06]
http://www.cert.org/advisories/CA-2002-06.html
--------------------------------------------------------------------------
Revision History
20 May 2003 Initial release
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.