radius: download

| Main | Download | Compile | Press | Links | | More Projects | About the Author |

radius21.tar.Z Lucent RADIUS 2.1 as supplied by Lucent Technologies

Last Updated: 27th December 1999

radius-2.1.build.patch Enable radiusd to be built on Debian and Red Hat systems.
radius-2.1.overflow.patch Security fix for buffer overflow problem. You should at least apply this patch.

This fixes the Remote Buffer Overflow in Multiple RADIUS Implementations reported by ISS on the 5th of July 2001.

Last Updated: 5th July 2001

radius-2.1.util_segfault.patch Fix segmentation faults in md5test and dbmkeys.

Last Updated: 5th July 2001

radius-2.1.digest.patch Security fix for buffer overflow in message digest problem.

This patch fixes VU#589523 published in Advisory CA-2002-06 Vulnerabilities in Various Implementations of the RADIUS Protocol by CERT the 4th of March 2002. Note that this implementation of radius is not vulnerable to VU#936683.

Note: There was an earlier release of this patch that did not fully address the overflow problem. The original version of the patch is available for reference here.

Last Updated: 15th March 2002

radius-2.1.dict_valfind Patch to lookup value tokens by their name and the attribute name, rather than just their name. This fixes a problem where the wrong token may be returned if the same value name appears twice in the dictionary.

Last Updated: 17th May 2002

radius-2.1.comprehensive.patch.gz Comprehensive patch to remove dangerous system calls. This patch includes the changes in the above four patches.

Last Updated: 17th May 2002

  download directory

Copyright Notice: Lucent RADIUS 2.1 is released under the terms of the BSD licence, the copyright is held by Lucent Technologies. The patches are the work of Horms and are implicitly released under the terms of the BSD licence.

These patches were prepared with the assistance of: Mark Dowd, Wichert Akkerman, Andrew Tridgell, Eric Plaggenmarsch, James Hranicky and James Nuckolls .

Copyright © 1998-2002 Horms
Last Modified: Sat, 04 Mar 2006 02:33:43 -0500