From hamdi.tounsi@ati.tn Tue Apr 21 01:41:38 1998
From: Hamdi Tounsi 
To: BUGTRAQ@NETSPACE.ORG
Date: Wed, 15 Apr 1998 08:38:32 -0100
Subject: code to crash radiusd


Hi all
the following will crash radiusd from livingston, 1.16 and 2.0.1 97/5/22 (the
latest version)
i alerted livingston a few months ago ... a bugfix should be available now
one important thing is that you dont need the shared secret between the radius
server and its clients to be able to crash it, since the accounting server
will try to log the accounting request (though it will flag it as unverified)
of course you need to be listed in the clients config file to be able to send an accounting request. otherwise spoof ;)

--hamdi


#!/usr/bin/perl
use Authen::RadiusAcct;

[snip...]

        {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},

[snip...]