#VU34810 Out-of-bounds write in pam_radius and Debian Linux - CVE-2015-9542

Cybersecurity Help s.r.o.

Published: 2020-02-24 | Updated: 2020-08-08

Vulnerability identifier: #VU34810

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-9542

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
pam_radius
Other software / Other software solutions
Debian Linux
Operating systems & Components / Operating system

Vendor: FreeRADIUS
Debian

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.

Mitigation
Install update from vendor's website.

Vulnerable software versions

pam_radius: 1.4.0

Debian Linux: 1.4.0 - 8.0

External links
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542
https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0
https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html
https://usn.ubuntu.com/4290-1/
https://usn.ubuntu.com/4290-2/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for pam_radius

Out-of-bounds write in FreeRADIUS pam_radius

Fedora EPEL 6 update for pam_radius