[RADIATOR] Possible DOS attack against radiator with AuthPAM.pm ?

Markus Moeller huaraz at moeller.plus.com
Mon Sep 28 14:45:00 CDT 2009


Mike,

Can we update the patch? I noticed another case where the Username attribute 
exists, but the value is "" (i.e. empty).  So can the lines

 (... REJECT..)
          unless defined $user_name

be changed to

 (... REJECT..)
          unless $user_name

Thank you
Markus

----- Original Message ----- 
From: "Mike McCauley" <mikem at open.com.au>
To: "Markus Moeller" <huaraz at moeller.plus.com>
Cc: <radiator at open.com.au>
Sent: Thursday, June 04, 2009 10:56 AM
Subject: Re: [RADIATOR] Possible DOS attack against radiator with AuthPAM.pm ?


> Hello Markus,
>
> thanks for the additional details. We have now fixed this problem. The fix
> is in the latest Radiator 4.4 patch set.
> We apologise for any inconvenience.
>
> Cheers
>
> On Thursday 04 June 2009 06:34:31 pm Markus Moeller wrote:
>> Mike,
>>
>> I do the following (I think the dictionary error is the reason I don't
>> have a username as an attribute):
>>
>> radpwtst -secret secret -s devserver04 -auth_port 1812 -acct_port 1813
>> Thu Jun  4 08:29:32 2009: ERR: Attribute number 1 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:32 2009: ERR: Attribute number 6 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:32 2009: ERR: Attribute number 4 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:32 2009: ERR: Attribute number 32 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:32 2009: ERR: Attribute number 5 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:32 2009: ERR: Attribute number 30 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:32 2009: ERR: Attribute number 31 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:32 2009: ERR: Attribute number 61 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:32 2009: ERR: Attribute number 2 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
>> sending Access-Request...
>> No reply
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 1 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 6 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 4 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 32 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 5 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 61 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 44 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 40 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 30 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 31 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: ERR: Attribute number 41 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
>> sending Accounting-Request Start...
>> No reply
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 1 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 6 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 4 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 32 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 5 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 61 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 44 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 40 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 30 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 31 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 41 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 46 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 42 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: ERR: Attribute number 43 is not defined in your
>> dictionary
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
>> sending Accounting-Request Stop...
>> No reply
>>
>> The radiator log with trace 4 is:
>>
>> Thu Jun  4 08:29:28 2009: DEBUG: include
>> /opt/radiator/etc/radiator_tacacs.cfg
>> Thu Jun  4 08:29:28 2009: DEBUG: Creating TACACSPLUS port 0.0.0.0:49
>> Thu Jun  4 08:29:28 2009: DEBUG: include 
>> /opt/radiator/etc/radiator_log.cfg
>> Thu Jun  4 08:29:28 2009: DEBUG: include
>> /opt/radiator/etc/radiator_clients.cfg
>> Thu Jun  4 08:29:28 2009: DEBUG: include
>> /opt/radiator/etc/radiator_authby.cfg
>> Thu Jun  4 08:29:28 2009: DEBUG: Finished reading configuration file
>> '/opt/radiator/etc/radiator.cfg'
>> Thu Jun  4 08:29:28 2009: DEBUG: Reading dictionary file
>> '/opt/radiator/etc/dictionary'
>> Thu Jun  4 08:29:28 2009: DEBUG: Creating authentication port 
>> 0.0.0.0:1812
>> Thu Jun  4 08:29:28 2009: DEBUG: Creating accounting port 0.0.0.0:1813
>> Thu Jun  4 08:29:28 2009: NOTICE: Server started: Radiator 4.3.1 on
>> devserver04
>> Thu Jun  4 08:29:32 2009: DEBUG: Packet dump:
>> *** Received from 10.129.189.216 port 56607 ....
>> Code:       Access-Request
>> Identifier: 197
>> Authentic:  <u<14><195><166>:7<19><220><224>xT<128>N<239><180>
>> Attributes:
>>
>> Thu Jun  4 08:29:32 2009: DEBUG: Handling request with Handler
>> 'DeviceType="generic",AuthType="radius"'
>> Thu Jun  4 08:29:32 2009: DEBUG:  Deleting session for , 10.129.189.216,
>> Thu Jun  4 08:29:32 2009: DEBUG: Handling with Radius::AuthGROUP:
>> PAMAuthentication
>> Thu Jun  4 08:29:32 2009: DEBUG: Handling with PAM service Radiator
>> Thu Jun  4 08:29:32 2009: DEBUG: PAM is asking for 2: 'Please enter user
>> name'
>> Thu Jun  4 08:29:32 2009: DEBUG: PAM is asking for 2: 'Please enter user
>> name'
>> Thu Jun  4 08:29:32 2009: DEBUG: PAM is asking for 2: 'Please enter user
>> name'
>>
>>
>> Radiator config extract:
>>
>> #
>> #       Authentication via PAM (Kerberos)
>> #
>> # the Service Tags must be present in /etc/pam.conf:
>> #
>> <AuthBy PAM>
>>         Identifier PAMAuthentication
>>         Service Radiator
>> </AuthBy>
>>
>>
>> It runs on Solaris 10 sparc
>>
>> /etc/pam.conf with Russ Allbery module
>>
>> Radiator auth requisite          pam_authtok_get.so.1
>> Radiator auth required           pam_krb5-3.13.so realm=TESTDOMAIN.COM minimum_uid=100 use_first_pass no_ccache debug
>>
>> Regards
>> Markus
>>
>> ----- Original Message -----
>> From: "Mike McCauley" <mikem at open.com.au>
>> To: "Markus Moeller" <huaraz at moeller.plus.com>
>> Sent: Wednesday, June 03, 2009 11:18 PM
>> Subject: Re: [RADIATOR] Possible DOS attack against radiator with
>> AuthPAM.pm ?
>>
>> > Hello Markus,
>> >
>> > On Thursday 04 June 2009 07:46:55 am Markus Moeller wrote:
>> >> I noticed when I use radpwtst without a username/password to send a
>> >> request to Radiator which is configured with AuthPAM.pm, Radiator loops
>> >> indefinitely in pam_conv_func. With trace enabled I get millions of
>> >> messages like "PAM is asking for 2: '....." filling up my disk.
>> >
>> > When you say 'without a username/password' do you mean they were blank,
>> > or that the attributes were not present in the request?
>> >
>> > How exactly did you reproduce this?
>> >
>> > Cheers.
>> >
>> >> Markus
>> >
>> > --
>> > Mike McCauley                               mikem at open.com.au
>> > Open System Consultants Pty. Ltd
>> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>> > http://www.open.com.au
>> > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
>> >
>> > Radiator: the most portable, flexible and configurable RADIUS server
>> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, DIAMETER etc. Full source
>> > on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>
>
>
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia 
> http://www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
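The thread's fix is a pre-check that rejects a request before PAM is entered when User-Name is absent, and the follow-up extends it to an empty User-Name. The script below is an added illustration written for this page; it is not Radiator's code and not from Open System Consultants. It shows both halves of a defensive design: the pre-check (written with `length` rather than plain truthiness, since `unless $user_name` would also reject the legal user name "0"), and a conversation callback that answers a prompt it cannot satisfy with PAM_CONV_ERR instead of an empty string, so a module that re-prompts for a user name (as the "PAM is asking for 2" log shows) gets an error and stops rather than looping. The PAM side is simulated in pure Perl so it runs offline; the callback follows the Authen::PAM convention (a list of (style, text) pairs in, (retcode, answer) pairs plus a final return code out). The names `username_usable`, `make_conv`, `simulated_pam_authenticate`, `handle_request`, the `MAX_PROMPTS` bound and the credentials alice/secret are all constructed for the example.

```perl
#!/usr/bin/perl
# Added illustration, not Radiator's own code: a User-Name pre-check and a
# PAM conversation callback that cannot be driven into an endless re-prompt
# loop by a request without a usable user name. The PAM side is simulated in
# pure Perl (no libpam needed) so the script runs offline; the callback
# follows the Authen::PAM calling convention used by AuthPAM.
use strict;
use warnings;

# Message styles and return codes, same numeric values as <security/pam_appl.h>.
use constant PAM_PROMPT_ECHO_OFF => 1;   # password prompt
use constant PAM_PROMPT_ECHO_ON  => 2;   # user name prompt (the "asking for 2" in the log)
use constant PAM_SUCCESS         => 0;
use constant PAM_AUTH_ERR        => 7;
use constant PAM_CONV_ERR        => 19;

use constant MAX_PROMPTS => 10;  # assumed bound; a normal exchange needs only two prompts

# Pre-check from the thread, written so that both an absent attribute and an
# empty one are rejected. `length` rather than plain truthiness, so that the
# (legal) user name "0" is not rejected by accident.
sub username_usable {
    my ($user_name) = @_;
    return defined $user_name && length($user_name) > 0 ? 1 : 0;
}

# Build the conversation callback for one request. Authen::PAM calls it with a
# list of (style, text) pairs and expects (retcode, answer) pairs followed by an
# overall return code. When there is nothing to answer with, or the module keeps
# re-prompting, it returns PAM_CONV_ERR instead of an empty answer.
sub make_conv {
    my ($user_name, $password) = @_;
    my $prompts = 0;
    return sub {
        my @msgs = @_;
        my @resp;
        while (@msgs) {
            # $text is the prompt string; only the style decides the answer.
            my ($style, $text) = splice @msgs, 0, 2;
            return PAM_CONV_ERR if ++$prompts > MAX_PROMPTS;   # loop breaker
            my $answer = $style == PAM_PROMPT_ECHO_ON  ? $user_name
                       : $style == PAM_PROMPT_ECHO_OFF ? $password
                       :                                 undef;
            return PAM_CONV_ERR unless defined $answer && length $answer;
            push @resp, PAM_SUCCESS, $answer;
        }
        return (@resp, PAM_SUCCESS);
    };
}

# Simulated module with pam_authtok_get-like behaviour: it asks for the user
# name again until it gets a non-empty one, then asks for the password once.
# Credentials are constructed for the demo.
sub simulated_pam_authenticate {
    my ($conv) = @_;
    my $name = '';
    while ($name eq '') {
        my @r  = $conv->(PAM_PROMPT_ECHO_ON, 'Please enter user name');
        my $rc = pop @r;
        return PAM_CONV_ERR if $rc != PAM_SUCCESS;
        $name = $r[1] // '';
    }
    my @r  = $conv->(PAM_PROMPT_ECHO_OFF, 'Password: ');
    my $rc = pop @r;
    return PAM_CONV_ERR if $rc != PAM_SUCCESS;
    return ($name eq 'alice' && $r[1] eq 'secret') ? PAM_SUCCESS : PAM_AUTH_ERR;
}

# Handler: reject before touching PAM when there is no usable User-Name.
sub handle_request {
    my (%attrs) = @_;
    return 'REJECT (no usable User-Name)' unless username_usable($attrs{'User-Name'});
    my $rc = simulated_pam_authenticate(
        make_conv($attrs{'User-Name'}, $attrs{'User-Password'}));
    return $rc == PAM_SUCCESS ? 'ACCEPT' : "REJECT (PAM returned $rc)";
}

# Constructed requests: attribute absent, present but empty, missing password,
# and a normal login. None of them makes the conversation loop.
for my $req ( {},
              { 'User-Name' => '' },
              { 'User-Name' => 'alice' },
              { 'User-Name' => 'alice', 'User-Password' => 'secret' } ) {
    my $desc = join(', ', map { "$_=\"$req->{$_}\"" } sort keys %$req) || '(no attributes)';
    printf "%-45s -> %s\n", $desc, handle_request(%$req);
}
```

The first two requests never reach PAM, which is the thread's fix. The third shows why the callback-level guard is worth having as well: a request with a user name but no password would otherwise hand the module an empty answer on every password prompt, and whether that loops depends entirely on the module's re-prompt policy. Returning PAM_CONV_ERR makes the outcome a bounded reject regardless of which PAM module is stacked.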