Wind River Support Network

HomeDefectsCGP5-1257
Fixed

CGP5-1257 : Security Advisory - freeradius - CVE-2014-2015

Created: Dec 1, 2014    Updated: Dec 19, 2017
Resolved Date: Dec 9, 2014
Previous ID: LIN5-19808
Found In Version: 5.0.1.21
Fix Version: 5.0.1.22
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2015

Other Downloads


Live chat
Online