SecurityTracker.com

Category:   Application (Security)  >   FreeRADIUS
Vendors:   FreeRADIUS Server Project
FreeRADIUS SSHA Stack Overflow Lets Remote Users Deny Service in Certain Cases
SecurityTracker Alert ID:  1029770
SecurityTracker URL:  http://securitytracker.com/id/1029770
CVE Reference:   CVE-2014-2015
Updated:  Feb 20 2014
Original Entry Date:  Feb 17 2014
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes

Description:   A vulnerability was reported in FreeRADIUS. A remote user can cause denial of service conditions in certain cases.

A remote user who has an existing user account and can specify a specially crafted hashed SSHA password value can trigger a stack overflow in the rlm_pap module and cause the target service to crash.

Pierre Carrier from Airbnb reported this vulnerability.

Impact:   A remote user who has an existing user account and can specify a specially crafted hashed SSHA password value can cause the target service to crash.
Solution:   The vendor has issued source code fixes:

Master branch: https://github.com/FreeRADIUS/freeradius-server/commit/f610864d4c8f51d.patch

2.x: https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a.patch

3.x: https://github.com/FreeRADIUS/freeradius-server/commit/ff5147c9e5088c7.patch

Vendor URL:  freeradius.org/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 24 2015 (Red Hat Issues Fix) FreeRADIUS SSHA Stack Overflow Lets Remote Users Deny Service in Certain Cases
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Jul 30 2015 (Oracle Issues Fix for Oracle Linux) FreeRADIUS SSHA Stack Overflow Lets Remote Users Deny Service in Certain Cases
Oracle has issued a fix for Oracle Linux 6.


