Out-of-bounds write in pam_radius and Debian Linux - CVE-2015-9542
Published: February 24, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34810
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-9542
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: FreeRADIUS
Debian
Debian
Affected software:
pam_radius
Debian Linux
pam_radius
Debian Linux
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.
How to mitigate CVE-2015-9542
Install update from vendor's website.
Sources
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542
- https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0
- https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html
- https://usn.ubuntu.com/4290-1/
- https://usn.ubuntu.com/4290-2/