Debian 9 Stretch DLA-2304-1 Moderate: Libpam-radius-auth Buffer Overflow
debian lts
August 1, 2020
`add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(...
Topics Covered
Summary
`add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not
correctly check the length of the input password, and is vulnerable
to a stack-based buffer overflow during memcpy(). An attacker could
send a crafted password to an application (loading the pam_radius
library) and crash it. Arbitrary code execution might be possible,
depending on the application, C library, compiler, and other factors.
For Debian 9 stretch, this problem has been fixed in version
1.3.16-5+deb9u1.
We recommend that you upgrade your libpam-radius-auth packages.
For the detailed security status of libpam-radius-auth please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libpam-radius-auth
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Best,
Utkarsh
PREVIOUS
NEXT
Package: libpam-radius-auth
Version: 1.3.16-5+deb9u1
CVE ID: CVE-2015-9542
Debian Bug: 951396
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!