Описание
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.1.12+dfsg-1.2ubuntu8 |
| lucid | released | 2.1.8+dfsg-1ubuntu1.1 |
| precise | released | 2.1.10+dfsg-3ubuntu0.12.04.2 |
| quantal | released | 2.1.12+dfsg-1.1ubuntu0.1 |
| saucy | released | 2.1.12+dfsg-1.2ubuntu5.1 |
| upstream | needed |
Показывать по
7.5 High
CVSS2
Связанные уязвимости
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
Stack-based buffer overflow in the normify function in the rlm_pap mod ...
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
ELSA-2015-1287: freeradius security, bug fix, and enhancement update (MODERATE)
7.5 High
CVSS2