Factbites
 Where results make sense

Topic: Cistron


In the News (Wed 23 Dec 09)

  
  SecurityTracker.com Archives - (SuSE Issues Fix) Cistron Radius Server Buffer Overflow May Allow Remote Users to Crash ...
The overflow is apparently a static data overflow in the calc_acctdigest() function, where a shared secret is added to packet data to calculate the digest, but memory for the shared secret is not allocated.
It is also reported that the Cistron Radius server uses a potentially predictable authenticator value in the Authentication Request packet, creating the possibility of a remote user being able to spoof NAS Authentication Request.
Within the cistron package, a buffer overflow in the digest calculation function and miscalculations of attribute lengths have been fixed which could allow remote attackers to execute arbitrary commands on the system running the radius server.
www.securitytracker.com /alerts/2002/Apr/1004179.html   (1383 words)

  
 FreeRADIUS FAQ
Cistron RADIUS Server or cistron-radiusd is a daemon for un*x operating systems which allows one to set up (guess what!) a radius protocol server, which is usually used for authentication and accounting of dial-up users.
Original author and current maintainer of Cistron RADIUS is Miquel van Smoorenburg miquels at cistron dot nl.
Cistron RADIUS is limited to 16 characters for the shared secret.
www.freeradius.org /faq/cistron.html   (4366 words)

  
 http://www.radius.cistron.nl/ Cistron RADIUS server
Cistron RADIUS is an authentication and accounting server for terminal servers that speak the RADIUS protocol.
Cistron Radius does use the CVS server from the FreeRadius project.
Cistron Radius is still maintained because a lot of people use it, but it will not get any major new functionality such as SQL support, LDAP support etc.
www.radius.cistron.nl   (575 words)

  
 [RHSA-2002:030-08] Updated radiusd-cistron packages are available (fwd)   (Site not responding. Last check: 2007-11-04)
Various vulnerabilities have been found in Cistron RADIUS as well as other RADIUS servers and clients.
In versions of Cistron RADIUS 1.6.5 and earlier, malformed packets could be used to gain additional privileges.
All users of Cistron RADIUS are advised to upgrade to version 1.6.6, which is not vulnerable to these issues.
www.sld.cu /pipermail/linux-l/2002-March/016492.html   (378 words)

  
 Mike's resume
January 1995 - March 1995: Cistron Electronics Design and implementation of a 10Mbit 4 port bridge based on cheap PC hardware.
Even though Cistron Telecom was the first DSL provider in the Dutch market, with its own fiber network in- and connecting major cities, they couldn't find any investors to finish the network after the dot.com collapse.
It is a real "open source" project, with a web server (www.freeradius.org) and a group of developers that share their work through a common CVS server.
miquels.www.cistron.nl /resume.html   (794 words)

  
 [No title]
According to: http://www.radius.cistron.nl/ cistron 1.6.7 should be available at: ftp://ftp.radius.cistron.nl/pub/radius However, this site seems to only have 1.6.6, which has a known security issue.
If you're trying to do usage accounting, it's recommended fairly strongly in the readme file of cistron *NOT* to use radwtmp for accounting purposes, because it isn't very reliable in the face of lost accounting packets and various other factors which make it easy to corrupt.
Using cistron 1.6.6 with the default users file, but I've added the line Cisco-AVPair = "lcp:callback-dialstring=" into the default section like this: DEFAULT Service-Type = Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Service-Type = Framed-User, Cisco-AVPair = "lcp:callback-dialstring=", Fall-Through = Yes Now the user gets the option to enter a callback number in Windows.
lists.cistron.nl /pipermail/cistron-radius/2003-August.txt   (11040 words)

  
 CERT Advisory CA-2002-06 Vulnerabilities in Various Implementations of the RADIUS Protocol
Cistron Radius up to and including 1.6.5 is vulnerable
However, Cistron RADIUS was part of our PowerTools add-on software CD from versions 5.2 through 7.1.
Thus while not installed by default, some users of Red Hat Linux may be using Cistron RADIUSD.
www.cert.org /advisories/CA-2002-06.html   (2153 words)

  
 ISS X-Force Database: radius-message-digest-bo(7534): RADIUS message digest calculation buffer overflow   (Site not responding. Last check: 2007-11-04)
If the attacker knows the shared secret, this vulnerability could be used to execute arbitrary code on the system.
Upgrade to the latest version of Cistron RADIUS (1.6.5 or later), when it becomes available from the Cistron RADIUS Web site.
Cistron RADIUS Web site, Cistron RADIUS server, version 1.6.6 at http://www.radius.cistron.nl/.
xforce.iss.net /xforce/xfdb/7534   (715 words)

  
 [No title]   (Site not responding. Last check: 2007-11-04)
Cistron RADIUS Frequently Asked Questions & Answers $Revision: 1.55 $ -- August 2001 maintained by Antonio Dias original work by Vladimir Ivaschenko
with many questions answered by Alan DeKok This is the FAQ (Frequently Asked Questions) for the Cistron RADIUS Server (cistron-radiusd for short) development project.
Original author and current maintainer of Cistron RADIUS is Miquel van Smoorenburg
www.freeradius.org /faq/FAQ   (4248 words)

  
 SecurityTracker.com Archives - (Debian Issues Fix) Cistron RADIUS Server Single Byte Overflow Lets Remote Authenticated ...
Description: A buffer overflow vulnerability was reported in the Cistron RADIUS server.
A remote authenticated user may be able to execute arbitrary code on the target system with the privileges of the RADIUS server (typically root on many systems).
David Luyer reported a vulnerability in Cistron RADIUS.
www.securitytracker.com /alerts/2003/Jun/1006985.html   (705 words)

  
 Cistron LDAP Patch
This is a patch to the Cistron RADIUS server to make it authenticate users and retrieve RADIUS attributes from an LDAP server.
There is another LDAP patch for Cistron written by james@water.wwnet.net.
But it only takes the username and password from LDAP, RADIUS attributes are taken from the "users" file.
works.agni.com /cistron-ldap.html   (289 words)

  
 Cistron Little Brother network monitoring tool   (Site not responding. Last check: 2007-11-04)
Here's yet another open-source network monitoring tool, developed by the Cistron group.
It can keep track of all sorts of services running on all sorts of hosts in a network (such as the entire Internet, if you like), report on failures as desired, and store results of its checks in a database.
Cistron uses the package to ensure that customers' websites, as well as its own, are up and serving data; to warn when printers run out of paper or toner; to compare network reliability to that of its competitors; and even to monitor (and, if necessary, restart) copies of itself running on various servers.
littlebrother.sourceforge.net   (320 words)

  
 Riverstone Networks Configuration Database: Cistron RADIUS Configuration
The original Livingston server is now only available to Lucent customers, a newer version of Cistron called FreeRADIUS is still in beta, and other servers such as Steel-belted RADIUS are commercial products.
There are also alternatives such as the Cistron derivative ICRadius which uses MYSQL as a back-end, but is out of the scope of this document.
This installation and setup is performed on a linux box (Slackware/2.4.4), so some of the commands may use linux specific flags, but the radius daemon should be platform independent.
www.riverstonenet.com /support/configdb/0040.html   (764 words)

  
 SuSE-SA:2002:013-radiusd-cistron - Xatrix Security
The list of vulnerable servers includes the cistron radius
Within the cistron package, a buffer overflow in the digest
is part of either the cistron, livingston or freeradius package.
www.xatrix.org /article1433.html   (555 words)

  
 RE: Cisco VSAs
It's taking accounting packets just fine from the RASs and even forwarding them out to where they are supposed to go (client's remote RADIUS server).
The problem seems to be that the accounting records do not end up in a directory named after the remote RADIUS server (which the documentation says it will, and what my old Cistron RADIUS did perfectly), they end up in the directory of the client the user dialed in on.
I know the naslist file is being read in because the radius.log shows the short name.
list.xs4all.nl /pipermail/freeradius-users/2001-November.txt   (15858 words)

  
 rhn.redhat.com | Red Hat Support
In versions of Cistron RADIUS 1.6.5 and earlier, malformed packets could be
All users of Cistron RADIUS are advised to upgrade to version 1.6.6, which
Pay special attention to the installation instructions in the Solution
rhn.redhat.com /errata/RHSA-2002-030.html   (153 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.