12 Sep
2012
12 Sep
'12
9:57 a.m.
Bruce Bauman wrote:
Can anyone explain how I can test my own FreeRadius server to make sure it's not vulnerable?
You don't need to test. The announcement describes which versions are vulnerable. http://freeradius.org/security.html
What do I need to exploit this vulnerability?
Create a certificate with a very large ASN time field.
I suspect that my FreeRadius server was the victim of an attack and I want to make sure I'm OK now.
I don't understand. You can look at the version number, *or* the source code to see if you have the offending code. Why do tests when you can verify it directly? Alan DeKok.