Описание
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.
Отчет
As shipped in epel-6, the gcc compiler opts for __memcpy_chk() [with the correct buffer length] to ensure that there is a crash instead of an an overflow. Thus it is believed that only a Deianl of Service can be triggered using this flaw.
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...
7.5 High
CVSS3