OpenBSD: login_radius security flaw
Posted by LinuxSecurity.com Team   
Eilko Bos has reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server.

Eilko Bos has reported that radius authentication, as implemented
by login_radius(8), was not checking the shared secret used for
replies sent by the radius server.  This could allow an attacker
to spoof a reply granting unauthorized access to the system.
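The check the advisory describes is the RADIUS Response Authenticator of RFC 2865: the server computes MD5(Code + ID + Length + RequestAuthenticator + Attributes + Secret) over its reply, and a client that never recomputes it cannot tell a genuine Access-Accept from one produced by anyone who saw the request. The following is an added illustration, not code from OpenBSD's login_radius(8) or from the advisory; the packet bytes, shared secret and request authenticator are constructed here, and `unchecked_accept` is a hypothetical model of the flawed client behaviour beside the verifying one.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
HEADER_LEN = 20  # code(1) + id(1) + length(2) + authenticator(16)


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    length = HEADER_LEN + len(attrs)
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: assemble a reply packet carrying a Response Authenticator
    computed with `secret`.  A forger who lacks the secret can only call this
    with a guess, which is what the verifying client detects."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs)) + auth + attrs


def unchecked_accept(packet, expected_ident):
    """Hypothetical model of the flawed client: trusts the reply's Code and
    Identifier alone and never looks at the Response Authenticator."""
    if len(packet) < HEADER_LEN:
        return False
    code, ident, _ = struct.unpack("!BBH", packet[:4])
    return ident == expected_ident and code == ACCESS_ACCEPT


def verified_accept(packet, expected_ident, request_auth, secret):
    """Hardened client: grant access only if the Identifier matches the
    outstanding request AND the Response Authenticator was computed with the
    shared secret over this exact packet.  Constant-time compare avoids
    leaking how many bytes of a guess were right."""
    if len(packet) < HEADER_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or ident != expected_ident:
        return False
    received_auth = packet[4:HEADER_LEN]
    attrs = packet[HEADER_LEN:]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(received_auth, expected):
        return False
    return code == ACCESS_ACCEPT


def demo():
    """Constructed scenario: one genuine Access-Accept, one reply produced
    without the real secret.  Returns what each client model would decide."""
    secret = b"constructed-shared-secret"       # known to client and server only
    request_auth = bytes(range(16))             # constructed; normally 16 random bytes
    ident = 0x2A
    attrs = bytes([18, 6, 0, 0, 0, 1])          # Service-Type(6) = Login(1), constructed

    genuine = build_reply(ACCESS_ACCEPT, ident, attrs, request_auth, secret)
    forged = build_reply(ACCESS_ACCEPT, ident, attrs, request_auth, b"wrong-guess")
    reject = build_reply(ACCESS_REJECT, ident, b"", request_auth, secret)

    return {
        "unchecked_genuine": unchecked_accept(genuine, ident),
        "unchecked_forged": unchecked_accept(forged, ident),    # flaw: True
        "verified_genuine": verified_accept(genuine, ident, request_auth, secret),
        "verified_forged": verified_accept(forged, ident, request_auth, secret),
        "verified_reject": verified_accept(reject, ident, request_auth, secret),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:18s} -> {'grant' if decision else 'deny'}")
```

The forged reply is well-formed and carries the right Identifier, so the unchecked model grants access; only recomputing the authenticator with the shared secret distinguishes it. Note that the secret also has to be checked, not merely the Identifier, because the Identifier is visible on the wire to anyone who saw the request.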

This has been fixed in OpenBSD-current, OpenBSD 3.6, and the 3.4
and 3.5 -stable branches.  Patches are also available for OpenBSD
3.4 and 3.5:

     ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/031_radius.patch
     ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/020_radius.patch

Note that OpenBSD does not ship with radius authentication enabled.
Unless you have explicitly enabled radius authentication in
/etc/login.conf there is no impact.

For more details see:

     http://www.reseau.nl/advisories/0400-openbsd-radius.txt