Home > mailing lists

Re: BUG #5687: RADIUS Authentication issues - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #5687: RADIUS Authentication issues
Date	October 2, 2010 22:52:52
Msg-id	14007.1286059961@sss.pgh.pa.us Whole thread Raw
In response to	BUG #5687: RADIUS Authentication issues ("Alan DeKok" <aland@freeradius.org>)
Responses	Re: BUG #5687: RADIUS Authentication issues (Magnus Hagander <magnus@hagander.net>) Re: BUG #5687: RADIUS Authentication issues (Alan T DeKok <aland@freeradius.org>)
List	pgsql-bugs

Tree view

"Alan DeKok" <aland@freeradius.org> writes:
> CheckRADIUSAuth() in src/backend/libpq/auth.c is subject to spoofing attacks
> which can force all RADIUS authentications to fail.
> ...
> The source IP/port/RADIUS ID && authentication vector fields are checked
> *after* the socket is closed.  This allows an attacker to "race" the RADIUS
> server, and spoof the response, forcing PostgreSQL to treat the
> authentication as failed.

[ scratches head ... ]  I don't see the problem.  AFAICS the "verify
packet" code is just looking at local storage.  Where is the spoofing
possibility, and why would delaying the socket close accomplish
anything?

            regards, tom lane

pgsql-bugs by date:

From: Tom Lane
Date: 02 October 2010, 22:44:19
Subject: Re: src/tools/fsync/test_fsync.c does not compile

From: Craig Ringer
Date: 03 October 2010, 03:08:35
Subject: Re: Postgres 9.0 crash on win7

Re: BUG #5687: RADIUS Authentication issues - Mailing list pgsql-bugs

Previous

Next