Vulnerability Details : CVE-2014-2015
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2014-2015
- cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2015
0.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2015
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-2015
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2015
-
http://www.openwall.com/lists/oss-security/2014/02/18/3
oss-security - Re: CVE request: freeradius denial of service in rlm_pap hash processingPatch
-
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html
freeradius denial of service in authentication flowExploit
-
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html
freeradius denial of service in authentication flow
-
http://www.securityfocus.com/bid/65581
FreeRADIUS 'rlm_pap' Module Denial of Service Vulnerability
-
https://bugzilla.redhat.com/show_bug.cgi?id=1066761
1066761 – (CVE-2014-2015) CVE-2014-2015 freeradius: stack-based buffer overflow flaw in rlm_pap module
-
http://ubuntu.com/usn/usn-2122-1
USN-2122-1: FreeRADIUS vulnerabilities | Ubuntu security notices
-
http://rhn.redhat.com/errata/RHSA-2015-1287.html
RHSA-2015:1287 - Security Advisory - Red Hat Customer Portal
-
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html
freeradius denial of service in authentication flow
Jump to