(RADIATOR) Important Security Alert

Mike McCauley mikem at open.com.au
Sat Aug 24 19:26:34 CDT 2002


Hello,

This is an important security alert that affects all operators of Radiator 3.x 
versions.

A Radiator operator has recently identified a security issue involving the 
%Eval special character syntax and AuthBy SQL and AuthBy LDAP*.

This issue affects Radiator versions 3.0, 3.1 and 3.2.

There have been no reports of this issue being exploited; however, we recommend 
that all operators of Radiator version 3.0, 3.1 and 3.2 download and install 
a patched version of Util.pm as soon as possible.

We have uploaded a patched version of Util.pm that removes support for %Eval 
to the Radiator web site. It is available to all current licensees at 
http://www.open.com.au/radiator/downloads/patches-3.2/Util.pm

Current evaluators that require the patch should contact me directly.

Please contact the Radiator mailing list if you have any difficulty with 
installing this patch.

A new version of Radiator will be released in the next day or two.


-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

