Can anyone explain how I can test my own FreeRadius server to make sure it's not vulnerable? What do I need to exploit this vulnerability? I suspect that my FreeRadius server was the victim of an attack and I want to make sure I'm OK now. Thanks. -- Bruce
Bruce Bauman wrote:
Can anyone explain how I can test my own FreeRadius server to make sure it's not vulnerable?
You don't need to test. The announcement describes which versions are vulnerable. http://freeradius.org/security.html
What do I need to exploit this vulnerability?
Create a certificate with a very large ASN time field.
I suspect that my FreeRadius server was the victim of an attack and I want to make sure I'm OK now.
I don't understand. You can look at the version number, *or* the source code to see if you have the offending code. Why do tests when you can verify it directly? Alan DeKok.
participants (2)
-
Alan DeKok -
Bruce Bauman