ISS warns of security flaw in RADIUS servers
Internet Security Systems Inc. has spotted what's believed to be the first known buffer-overflow vulnerability associated with remote-access servers, which could allow a hacker to gain control of an ISP's network.
The flaw is linked to the remote-access servers used by ISPs to authenticate users logging on to gain access to Internet services.
Hackers craft buffer-overflow exploits as specially formed input strings that can be used to try to gain control of a server whose code copies the input into a buffer without bounds-checking it. Web and application servers, in particular, are well-known buffer-overflow targets, but security software firm ISS has discovered that some RADIUS-based remote-access servers are vulnerable to this type of attack as well.
RADIUS, which stands for Remote Authentication Dial-In User Server, is an Internet Engineering Task Force (IETF) remote-access server standard for managing multiple user names and passwords and for maintaining account logs for a network.
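As an added illustration, not code from ISS, Lucent or Merit and not the specific flaw ISS found (the article does not say which field was involved), here is a bounds-checked RADIUS attribute parser in C; the comments mark the length checks whose absence is the classic overflow pattern. The RFC 2865 packet layout (20-byte header with a big-endian Length field, then Type/Length/Value attributes whose Length byte counts its own 2-byte header) is assumed, and the sample packets are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define RADIUS_HDR_LEN 20    /* Code, Identifier, Length, Authenticator */
#define RADIUS_MAX_LEN 4096
#define ATTR_USER_NAME 1

/* Walks the Type/Length/Value attributes after the 20-byte header (Length
 * counts its own 2-byte header). Returns the attribute count, or -1 if the
 * packet is malformed. A User-Name value is copied NUL-terminated into
 * name[name_sz]; a value that does not fit is rejected, never truncated. */
int radius_parse_attrs(const uint8_t *pkt, size_t pkt_len,
                       char *name, size_t name_sz)
{
    if (pkt_len < RADIUS_HDR_LEN || pkt_len > RADIUS_MAX_LEN)
        return -1;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];   /* big-endian */
    if (declared < RADIUS_HDR_LEN || declared > pkt_len)
        return -1;                  /* never trust Length past bytes held */
    size_t off = RADIUS_HDR_LEN;
    int count = 0;
    if (name_sz) name[0] = '\0';
    while (off < declared) {
        if (declared - off < 2)     /* need Type and Length bytes */
            return -1;
        uint8_t type = pkt[off];
        size_t len = pkt[off + 1];
        if (len < 2 || len > declared - off)
            return -1;              /* the check a classic overflow lacks */
        size_t vlen = len - 2;
        if (type == ATTR_USER_NAME) {
            if (vlen >= name_sz)    /* leave room for the NUL */
                return -1;
            memcpy(name, pkt + off + 2, vlen);
            name[vlen] = '\0';
        }
        off += len;
        count++;
    }
    return count;
}
/* Constructed sample packets (not real captures): an Access-Request carrying
 * User-Name "alice" and NAS-IP-Address, then one whose attribute Length
 * byte claims 64 bytes inside a 27-byte packet. */
static const uint8_t good_pkt[] = {
    0x01, 0x2a, 0x00, 0x21, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    0x01, 0x07, 'a','l','i','c','e', 0x04, 0x06, 10, 0, 0, 1 };
static const uint8_t bad_pkt[] = {
    0x01, 0x2b, 0x00, 0x1b, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    0x01, 0x40, 'a','l','i','c','e' };
```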
The Lucent Technologies Inc. RADIUS server and the Merit RADIUS server can both be compromised by buffer-overflow attacks, according to Chris Rouland, director at X-Force, an ISS division that issues advisories on newly discovered security problems.
"The danger here is that a hacker could compromise the ISP's RADIUS server and steal the account passwords and compromise the internal network of the ISP," Rouland said. He emphasized that ISS did not publish the actual command-string exploit that could be used to compromise Lucent and Merit RADIUS Servers.
Lucent RADIUS Server is no longer maintained by Lucent. However, ISS worked with VA Linux Systems Inc., which maintains the package, to develop a patch for the buffer-overflow vulnerability spotted by ISS.
Merit has also made a patch to remedy the buffer-overflow vulnerability in Merit 3.6b RADIUS. ISS urged ISPs to upgrade their RADIUS Servers and warned that earlier versions of both RADIUS products may be affected, too.
Rouland added that the Lucent and Merit RADIUS Servers are typically used by smaller ISPs, which probably have about 30 percent of all the Internet's dial-in ports, while the larger ISPs, which account for approximately 70 percent of dial-in ports, tend to use different remote-access products.
ISS discovered the problems with the Lucent and Merit RADIUS Servers while researching security vulnerabilities in 802.11b wireless LANs, where RADIUS can be used to supplement what ISS views as the weak security measures in the wireless LAN standard.
The buffer-overflow exploit, which is "pretty simple," according to Rouland, may affect other vendors' RADIUS Servers that ISS has not yet tested.
posted by abennett
Network World Fusion