MiracleLinux 4 : freeradius-2.2.6-4.AXS4 (AXSA:2015-304:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-304:01 advisory. The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2...

RHEL 5 : freeradius2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - freeradius: stack-based buffer overflow flaw in rlmpap module CVE-2014-2015 Note that Nessus has not tested for thi...

Mageia: Security Advisory (MGASA-2014-0088)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2014:0525-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-977-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 201406-12

Gentoo Linux Local Security Checks GLSA 201406-12 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Medium: freeradius

Issue Overview: A stack-based buffer overflow was found in the way the FreeRADIUS rlmpap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. Affected Packages: freeradius Issue Correction: Run yum update freeradi...

RHEL 6 : freeradius (RHSA-2015:1287)

Updated freeradius packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...

CVE-2014-2015

Stack-based buffer overflow in the normify function in the rlmpap module modules/rlmpap/rlmpap.c in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service crash and possibly execute arbitrary code via a long password has...

CVE-2014-2015

CVE-2014-2015 details a stack-based buffer overflow in the FreeRADIUS rlm_pap module's normify function. Affected: FreeRADIUS 2.x (including 2.2.3 and earlier) and 3.x (including 3.0.1 and earlier). Impact per sources: crash and possibly arbitrary code execution via a long SSHA password hash, wit...

CVE-2014-2015

Stack-based buffer overflow in the normify function in the rlmpap module modules/rlmpap/rlmpap.c in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service crash and possibly execute arbitrary code via a long password has...

openSUSE Security Update : freeradius-server (openSUSE-SU-2014:0343-1)

FreeRadius received a security fix : A denial of service in rlmpap hash processing was fixed CVE-2014-2015 bnc864576 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-191. The text...

Mandriva Linux Security Advisory : freeradius (MDVSA-2014:058)

Updated freeradius package fixes security vulnerability : SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlmpap module if the password source uses an unusually long hashed password CVE-2014-2015. %NASLMINLEVEL 70300 C Tenable Network Security,...

Fedora Update for freeradius FEDORA-2014-3192

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for freeradius FEDORA-2014-3184

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 19 : freeradius-2.2.3-7.fc19 (2014-3192)

Fix stack-based buffer overflow flaw in rlmpap module: long password hashes used by the PAP module can cause a buffer overflow which may terminate the server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

Ubuntu: Security Advisory (USN-2122-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : freeradius vulnerabilities (USN-2122-1)

It was discovered that FreeRADIUS incorrectly handled unix authentication. A remote user could successfully authenticate with an expired password. CVE-2011-4966 Pierre Carrier discovered that FreeRADIUS incorrectly handled rlmpap hash processing. An authenticated user could use this issue to caus...