Lucene search

K

[email protected]NVD:CVE-2014-2015

HistoryNov 02, 2014 - 12:55 a.m.

CVE-2014-2015

2014-11-0200:55:03

CWE-119

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.

Affected configurations

NVD

Node

freeradiusfreeradiusMatch2.0

OR

freeradiusfreeradiusMatch2.0.1

OR

freeradiusfreeradiusMatch2.0.2

OR

freeradiusfreeradiusMatch2.0.3

OR

freeradiusfreeradiusMatch2.0.4

OR

freeradiusfreeradiusMatch2.0.5

OR

freeradiusfreeradiusMatch2.1.0

OR

freeradiusfreeradiusMatch2.1.1

OR

freeradiusfreeradiusMatch2.1.2

OR

freeradiusfreeradiusMatch2.1.3

OR

freeradiusfreeradiusMatch2.1.4

OR

freeradiusfreeradiusMatch2.1.6

OR

freeradiusfreeradiusMatch2.1.7

OR

freeradiusfreeradiusMatch2.1.8

OR

freeradiusfreeradiusMatch2.1.9

OR

freeradiusfreeradiusMatch2.1.10

OR

freeradiusfreeradiusMatch2.1.11

OR

freeradiusfreeradiusMatch2.1.12

OR

freeradiusfreeradiusMatch2.2.0

OR

freeradiusfreeradiusMatch2.2.1

OR

freeradiusfreeradiusMatch2.2.2

OR

freeradiusfreeradiusMatch2.2.3

OR

freeradiusfreeradiusMatch3.0.0

OR

freeradiusfreeradiusMatch3.0.1

References

lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html

lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html

lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html

rhn.redhat.com/errata/RHSA-2015-1287.html

ubuntu.com/usn/usn-2122-1

www.openwall.com/lists/oss-security/2014/02/18/3

www.securityfocus.com/bid/65581

bugzilla.redhat.com/show_bug.cgi?id=1066761

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

Related for NVD:CVE-2014-2015

oraclelinux1 redhat1 nessus14 openvas13 fedora2 gentoo1 debiancve1 prion1 cvelist1 ubuntucve1 mageia1 veracode1 amazon1 centos1 cve1 ubuntu1 securityvulns2 osv1 debian1