"Mordechai T. Abzug" <[EMAIL PROTECTED]> wrote: > The following URL says there's a vulnerability in mod_auth_radius: > http://www.net-security.org/vuln.php?id=3997 > > Is this true? If so, has a new version been released?
Most of it is true, part is B.S. An attacker CANNOT spoof replies from the RADIUS server to exploit this vulnerability. The risk of this problem is extremely low. > [BTW: why does mod_auth_radius 1.5.7 source code refer to itself as > 1.5.4 in comments? Is it really 1.5.7 or 1.5.4?] Lack of due diligence. It's 1.5.7. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
