Skip site navigation (1) Skip section navigation (2)

Re: BUG #5687: RADIUS Authentication issues

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Alan DeKok" <aland(at)freeradius(dot)org>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #5687: RADIUS Authentication issues
Date: 2010-10-02 22:52:41
Message-ID: 14007.1286059961@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
"Alan DeKok" <aland(at)freeradius(dot)org> writes:
> CheckRADIUSAuth() in src/backend/libpq/auth.c is subject to spoofing attacks
> which can force all RADIUS authentications to fail.
> ...
> The source IP/port/RADIUS ID && authentication vector fields are checked
> *after* the socket is closed.  This allows an attacker to "race" the RADIUS
> server, and spoof the response, forcing PostgreSQL to treat the
> authentication as failed.

[ scratches head ... ]  I don't see the problem.  AFAICS the "verify
packet" code is just looking at local storage.  Where is the spoofing
possibility, and why would delaying the socket close accomplish
anything?

			regards, tom lane

In response to

Responses

pgsql-bugs by date

Next:From: Craig RingerDate: 2010-10-03 03:08:11
Subject: Re: Postgres 9.0 crash on win7
Previous:From: Tom LaneDate: 2010-10-02 22:44:07
Subject: Re: src/tools/fsync/test_fsync.c does not compile

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group