ISS warns of security flaw in RADIUS servers - ISP's at Risk

posted onJuly 11, 2001
by hitbsecnews

Internet Security Systems Inc. has spotted what's believed to be the first known buffer-overflow vulnerability associated with remote-access servers, which could allow a hacker to gain control of an ISP's network.

The flaw is linked to the remote-access servers used by ISPs to authenticate users logging on to gain access to Internet services. Hackers can craft all kinds of buffer-overflow exploits as strings of commands that can be used to try and gain control of a server when its buffer doesn't filter the attack strings through bound-checking measures. Web and application servers, in particular, are well-known buffer-overflow targets, but security software firm ISS, has discovered that some RADIUS-based remote-access servers are vulnerable to this type of attack as well....

ISS warns of security flaw in RADIUS servers

Network World Fusion 7/10/01

Ellen Messmer, Network World Fusion

RADIUS, which stands for Remote Authentication Dial-In User Server, is an Internet Engineering Task Force (IETF) remote-access server standard for managing multi-user names and passwords in addition to maintaining account logs for a network.

The Lucent Technologies Inc. RADIUS server and the Merit RADIUS server can both be compromised by buffer-overflow attacks, according to Chris Rouland, director at X-Force, an ISS division that issues advisories on newly discovered security problems.

"The danger here is that a hacker could compromise the ISP's RADIUS server and steal the account passwords and compromise the internal network of the ISP," Rouland said. He emphasized that ISS did not publish the actual command-string exploit that could be used to compromise Lucent and Merit RADIUS Servers.

Lucent RADIUS Server is no longer maintained by Lucent. However, ISS worked with VA Linux Systems Inc., which maintains the package, to develop a patch for the buffer-overflow vulnerability spotted by ISS.

Merit has also made a patch to remedy the buffer-overflow vulnerabilty in Merit 3.6b RADIUS. ISS urged ISPs to upgrade their RADIUS Servers and warned that earlier versions of both RADIUS products may be affected, too.

Rouland added that the Lucent and Merit RADIUS Servers are typically used by smaller ISPs which probably have about 30 percent of all the Internet's dial-in ports, while the larger ISPs, account for approximately 70 percent of dial-in ports, tend to use different remote-access products.

ISS discovered the problems with the Lucent and Merit RADIUS Servers while researching security vulnerabilities in 802.11b wireless LANs, where RADIUS can be used to supplement what ISS views as the weak security measures in the wireless LAN standard.

The buffer-overflow exploit, which is "pretty simple," according to Rouland, may affect other vendor brands of RADIUS Servers that aren't being tested at the moment in the ISS.

Ellen Messmer is a senior editor for enterprise applications at Network World.

Network World.

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs