Wind River Support Network

HomeDefectsCGP6-494
Fixed

CGP6-494 : Security Advisory - freeradius - CVE-2014-2015

Created: Dec 1, 2014    Updated: Dec 3, 2018
Resolved Date: Dec 9, 2014
Previous ID: LIN6-8884
Found In Version: 6.0.0.13
Fix Version: 6.0.0.15
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2015

Other Downloads


Live chat
Online