Hi Peter, there have been multiple Buffer overrun vulnerabilities discovered in radiusd's descended from livingston's original implementation. the ascendd which you mention is apparently affected, as well as the extant versions of livingtson radius. These are non-product versions of the daemon which have been available from Livingston and Ascend, which have been freely available in source code form for a long time. They are not supported by Lucent. I can't comment on the security of third party radiusd's, but Lucent's Product NavisRadius 3.X/4.X uses Java rather than C, which provides runtime boundary checks which should provide some protection from this form of attack. Greg > -----Original Message----- > From: Peter.DeSchrijver at netcom-kassel.de > [mailto:Peter.DeSchrijver at netcom-kassel.de] > Sent: Monday, August 27, 2001 6:46 PM > To: ascend-users at bungi.com > Subject: (ASCEND) Radius ascendd 1.16 > > > Hi all ! > > I am currently using ascendd 1.16 and I´d like to give my users new > usernames. > For administrative reasons the emailadress seems a good Idea. > > Is 1.16 (980618!) the most current/safest ascendd ? > > TIA > Peter De Schrijver > > ++ Ascend Users Mailing List ++ > To unsubscribe: send unsubscribe to > ascend-users-request at bungi.com > Archives: http://www.nexial.com/mailinglists/ > ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com Archives: http://www.nexial.com/mailinglists/