


JSA10385 - Certain crafted packets can crash Steel-Belted Radius or hijack the server machine.



Product Affected: Steel-Belted Radius v5.4.0 (Enterprise and Global Enterprise), Steel-Belted Radius v5.4.1 (Enterprise and Global Enterprise)
By sending crafted, invalid data to the TCP administration port (1813 by default) or the TCP control port (1812 by default) an attacker may be able to crash the SBR server process. An attacker may also be able to inject code that will run as root on the server machine.

If firewalls or other measures in your enterprise protect these ports well enough, then this vulnerability may not be serious for you.
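
As a quick way to see how much depends on those firewalls, the following added example (not part of the advisory or any vendor tooling) lists listeners on the two default TCP ports that are bound to anything other than loopback. It assumes a Linux host with the iproute2 `ss` tool; the function names are hypothetical and the sample output is constructed.

```python
import ipaddress

# Default TCP ports named in the advisory; adjust if the deployment changed them.
SBR_TCP_PORTS = {1813: "administration", 1812: "control"}

# Constructed sample of `ss -H -ltn` output (not captured from a real server).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:1813 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1812 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 10.0.5.20:1812 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
"""

def split_local(field):
    """Split a local-address field such as '[::]:22' or '10.0.0.1:1812'."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any %iface suffix
    return host, int(port)

def is_loopback(host):
    """Wildcard binds ('*', 0.0.0.0, ::) are not loopback-only."""
    if host == "*":
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_sbr_listeners(ss_output):
    """Return (host, port, role) for advisory ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        try:
            host, port = split_local(cols[3])
            if port in SBR_TCP_PORTS and not is_loopback(host):
                findings.append((host, port, SBR_TCP_PORTS[port]))
        except ValueError:
            continue  # skip lines whose address or port cannot be parsed
    return findings

if __name__ == "__main__":
    # On a live host, feed in the output of: ss -H -ltn
    for host, port, role in exposed_sbr_listeners(SAMPLE_SS_OUTPUT):
        print(f"{role} port {port} listening on {host}: firewall is the only barrier")
```

Any listener this reports is reachable from the network unless a firewall rule blocks it, so those rules are worth reviewing until the patch is installed.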

This issue affects all versions of SBR built prior to July 31, 2008 running on Linux or Solaris platforms. Versions of SBR running on Windows platforms are not affected.
Pulse Secure has created a patch for each affected version.
Please see the attached document for instructions on installing the patches.
Related Links
CVSS Score
Risk Assessment: This vulnerability is a remotely exploitable Denial of Service and hijack. An attacker requires no logon access or other privileges on the Steel-Belted Radius server.
Alert Type: PSN - Product Support Notification
Risk Level: High
Attachment 2 
Legacy ID: PSN-2008-07-029, JSA10385


