Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-2015

Опубликовано: 12 фев. 2014
Источник: redhat
CVSS2: 6.5
EPSS Низкий

Описание

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.

A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash.

Отчет

This issue affects the versions of freeradius2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 5 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5freeradiusNot affected
Red Hat Enterprise Linux 5freeradius2Will not fix
Red Hat Enterprise Linux 7freeradiusNot affected
Red Hat Enterprise Linux 6freeradiusFixedRHSA-2015:128720.07.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1066761freeradius: stack-based buffer overflow flaw in rlm_pap module

EPSS

Процентиль: 74%
0.00881
Низкий

6.5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-2015

ubuntu
почти 11 лет назад

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.

nvd логотип

CVE-2014-2015

nvd
почти 11 лет назад

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.

debian логотип

CVE-2014-2015

debian
почти 11 лет назад

Stack-based buffer overflow in the normify function in the rlm_pap mod ...

github логотип

GHSA-4w6w-6xrm-w35q

github
больше 3 лет назад

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.

oracle-oval логотип

ELSA-2015-1287

oracle-oval
около 10 лет назад

ELSA-2015-1287: freeradius security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 74%
0.00881
Низкий

6.5 Medium

CVSS2