Описание
Security update for pam_radius
This update for pam_radius fixes the following issues:
- CVE-2015-9542: pam_radius: buffer overflow in password field (bsc#1163933)
Список пакетов
SUSE Enterprise Storage 6
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise Server 15 SP1-BCL
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise Server 15 SP1-LTSS
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise Server 15-LTSS
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise Server for SAP Applications 15
pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
pam_radius-1.4.0-3.3.1
SUSE Manager Proxy 4.0
pam_radius-1.4.0-3.3.1
SUSE Manager Retail Branch Server 4.0
pam_radius-1.4.0-3.3.1
SUSE Manager Server 4.0
pam_radius-1.4.0-3.3.1
Ссылки
- Link for SUSE-SU-2021:1896-1
- E-Mail link for SUSE-SU-2021:1896-1
- SUSE Security Ratings
- SUSE Bug 1163933
- SUSE CVE CVE-2015-9542 page
Описание
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.
Затронутые продукты
SUSE Enterprise Storage 6:pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:pam_radius-1.4.0-3.3.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:pam_radius-1.4.0-3.3.1
Ссылки
- CVE-2015-9542
- SUSE Bug 1163933