Vulnerabilities > CVE-2015-9542 - Out-Of-Bounds Write vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
freeradius
debian
canonical
CWE-787
nessus

Summary

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4290-1.NASL
    descriptionIt was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-25
    plugin id134037
    published2020-02-25
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134037
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : libpam-radius-auth vulnerability (USN-4290-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2116.NASL
    descriptionA vulnerability was found in pam_radius: the password length check was done incorrectly in the add_password() function in pam_radius_auth.c, resulting in a stack based buffer overflow. This could be used to crash (DoS) an application using the PAM stack for authentication. For Debian 8
    last seen2020-03-17
    modified2020-02-24
    plugin id133877
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133877
    titleDebian DLA-2116-1 : libpam-radius-auth security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-1117-1.NASL
    descriptionThis update for pam_radius fixes the following issues : CVE-2015-9542: Fixed a buffer overflow in password field (bsc#1163933). On s390x didn
    last seen2020-05-03
    modified2020-04-28
    plugin id136024
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136024
    titleSUSE SLES12 Security Update : pam_radius (SUSE-SU-2020:1117-1)