Computer Security


FreeRADIUS security vulnerabilities
Published: 28.02.2014
Source:
SecurityVulns ID: 13576
Type: remote
Threat Level: 6/10
Description: rlm_unix protection bypass, rlm_pap memory corruption.
Affected: FREERADIUS : FreeRADIUS 2.2
CVE: CVE-2014-2015 (Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.)
CVE: CVE-2011-4966 (modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.)
Original document: UBUNTU, [USN-2122-1] FreeRADIUS vulnerabilities (28.02.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod