=====================================================================
CERT-Renater Information Note No. 2004/VULN418
_____________________________________________________________________

DATE                 : 22/09/2004
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running login_radius.

======================================================================

Eilko Bos has reported that radius authentication, as implemented by
login_radius(8), was not checking the shared secret used for replies
sent by the radius server. This could allow an attacker to spoof a
reply granting unauthorized access to the system.

This has been fixed in OpenBSD-current, OpenBSD 3.6, and the 3.4 and
3.5 -stable branches. Patches are also available for OpenBSD 3.4 and 3.5:

ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/031_radius.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/020_radius.patch

Note that OpenBSD does not ship with radius authentication enabled.
Unless you have explicitly enabled radius authentication in
/etc/login.conf there is no impact.

For more details see:

http://www.reseau.nl/advisories/0400-openbsd-radius.txt

- todd

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER             | tel  : 01-53-94-20-44 +
+ 151 bd de l'Hopital      | fax  : 01-53-94-20-41 +
+ 75013 Paris              | email: certsvp@renater.fr +
=========================================================
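As an added illustration, not part of the advisory above nor OpenBSD's login_radius code, here is the check the advisory says was missing: a client recomputing the RFC 2865 Response Authenticator over a server reply with the shared secret before trusting an Access-Accept. The secret, request authenticator and attribute below are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3

def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value (RFC 2865 section 5)."""
    return bytes([attr_type, 2 + len(value)]) + value

def build_reply(code, ident, request_auth, attrs, secret):
    """Build a server reply whose Response Authenticator is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def reply_is_authentic(packet, request_auth, secret):
    """The verification login_radius lacked: recompute the Response
    Authenticator from our own request authenticator and the shared
    secret, and compare it with the 16 bytes the server sent."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):          # truncated or padded datagram
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)

def login_granted(packet, request_auth, secret):
    """Grant access only for an Access-Accept that passes the secret check;
    an Access-Accept that fails it is treated as a spoofed reply."""
    if not reply_is_authentic(packet, request_auth, secret):
        return False
    return packet[0] == ACCESS_ACCEPT

# Constructed sample values (not from the advisory).
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))    # a real client draws this at random per request
ATTRS = attr(18, b"Welcome")       # Reply-Message

GOOD_REPLY = build_reply(ACCESS_ACCEPT, 7, REQUEST_AUTH, ATTRS, SECRET)
# A reply from a host that does not know the secret: same header and
# attributes, but an authenticator it cannot compute correctly.
FORGED_REPLY = GOOD_REPLY[:4] + bytes(16) + ATTRS

if __name__ == "__main__":
    print("genuine reply grants login:", login_granted(GOOD_REPLY, REQUEST_AUTH, SECRET))
    print("forged reply grants login: ", login_granted(FORGED_REPLY, REQUEST_AUTH, SECRET))
```

Without the authenticator check, the forged reply would be accepted on its code byte alone, which is exactly the behaviour the patches above correct.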