by Vik Baj » Wed, 21 Aug 1996 04:00:00
I thought I'd ask if anyone is familiar with any security problems with
the US Robotics Netserver line of terminal servers or their
implementation of RADIUS. I haven't come across anything so far (good or
bad), as the product is somewhat new. I'd appreciate any coments.
Truly,
Vik
by David-Michael Linc » Thu, 22 Aug 1996 04:00:00
: I thought I'd ask if anyone is familiar with any security problems with
: the US Robotics Netserver line of terminal servers or their
: implementation of RADIUS. I haven't come across anything so far (good or
: bad), as the product is somewhat new. I'd appreciate any coments.
:
: Truly,
:
: Vik
US Robotics Netservers are virtually identical to Livingston Portmaster
communications servers running ComOS 3.1.4 (later revisions aren't being
licensed to US Robotics anymore). They are quite popular with many ISPs and
I haven't heard about any security problems relating to ComOS or their
implementation of Radius ever.
dave
--
David-Michael Lincke
Research Assistant
Institute for Information Management IWI-HSG, University of St. Gallen
URL: http://www-iwi.unisg.ch/about/team/dal.html
by Lance Caven » Thu, 22 Aug 1996 04:00:00
--
,..............................................,
| Lance Cavener |
`----------------------------------------------'
| "The Apple Macintosh is for people who get |
| confused with more than 1 mouse button" |
| Former lead programmer of OS/2 |
`----------------------------------------------'
by Thomas H. Ptac » Fri, 23 Aug 1996 04:00:00
You're not listening closely enough.Quote:>licensed to US Robotics anymore). They are quite popular with many ISPs and
>I haven't heard about any security problems relating to ComOS or their
>implementation of Radius ever.
The RADIUS server, as distributed by Livingston, has serious
bounds-checking problems. The server runs with root creds, meaning that as
soon as someone releases a slick DNS-overflow exploit for Linux or
FreeBSD, it'll be modified within a day to a "get root quick through
radiusd" exploit.
On top of that, the "shared secrets" between the terminal servers and the
authentication server are stored in cleartext.
Finally, within the last quarter, there was a row about a ComOS
denial-of-service problem which allowed arbitrary people to crash their
Portmaster products.
---------------------------------------------------------------------------
Tom Ptacek at The rdist Organization / exit(main(kfp->kargc, argv, environ));
"If you're so special, why aren't you dead?"
by Lance Caven » Fri, 23 Aug 1996 04:00:00
Then explain how to fix all thoes exploits.
--
,..............................................,
| Lance Cavener |
`----------------------------------------------'
| "The Apple Macintosh is for people who get |
| confused with more than 1 mouse button" |
| Former lead programmer of OS/2 |
`----------------------------------------------'
1. SUN ISDN 1.0.4 to USR Netserver
I have been trying to get my Sparc 5 with a SUN ISDN adaptor card and
SUNISDN 1.0.4 to make a PPP conection with a US Robotics netserver 8/i
Has anybody else out there ever had any success with this ??
Would they be prepared to advise me ??
Has anybody else come to the conclusion that mybe it isn't possible ??
Steve Holmes
3. PPP to USR Netserver 3.4.77 Config-Request failure
4. Authentication failed - xinit: Server error
5. /usr/bin/ls /usr/ucb/ls /usr/local/bin/ls
8. (no subject)
9. Consequences of moving /usr/dt, /usr/java1.1, /usr/share
10. is /usr/bin/passwd as a shell a security-hazard?
11. (Re: Thanks) SECURITY (Solaris 8) /usr/bin/login echoing username
12. reboot required for /usr/lib/security/methods.cfg change?
13. SSHd on Solaris: can not open module /usr/lib/security/pam_unix.so.