oss-sec mailing list archives

CVE request: freeradius denial of service in rlm_pap hash processing

From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 16 Feb 2014 10:45:12 +0100

SSHA (and presumably SSHA) processing runs into a stack-based buffer
overflow in the freeradius rlm_pap module if the password source uses
an unusually long hashed password, as reported publicly here:

<http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html>

(Also see the discussion in the follow-ups.)

Fix for 2.x:

<https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a.patch>

Fix for 3.x:

<https://github.com/FreeRADIUS/freeradius-server/commit/ff5147c9e5088c7.patch>

Fix for the master branch:

<https://github.com/FreeRADIUS/freeradius-server/commit/f610864d4c8f51d.patch>

Current thread:

CVE request: freeradius denial of service in rlm_pap hash processing Florian Weimer (Feb 16)
- Re: CVE request: freeradius denial of service in rlm_pap hash processing cve-assign (Feb 18)