{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"}, {"name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"}, {"name": "RHSA-2015:1287", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"}, {"name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"}, {"name": "USN-2122-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-2122-1"}, {"name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"}, {"name": "65581", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65581"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2015", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow", "refsource": "MLIST", "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"}, {"name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"}, {"name": "RHSA-2015:1287", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"}, {"name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow", "refsource": "MLIST", "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"}, {"name": "USN-2122-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-2122-1"}, {"name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow", "refsource": "MLIST", "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"}, {"name": "65581", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65581"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:16.213Z"}, "title": "CVE Program Container", "references": [{"name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"}, {"name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"}, {"name": "RHSA-2015:1287", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"}, {"name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"}, {"name": "USN-2122-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-2122-1"}, {"name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"}, {"name": "65581", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65581"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2015", "datePublished": "2014-11-02T00:00:00.000Z", "dateReserved": "2014-02-17T00:00:00.000Z", "dateUpdated": "2024-08-06T09:58:16.213Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5C0C0C3-970F-4936-BEBB-19FACF4E958B", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C4A43D5-03CA-4AAA-98A8-4EC86EC3EACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8DDB64CF-D48E-4E3E-A1E8-B6AE330A6C99", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "25BF923C-F7CD-4232-8613-B1F09C7B9A35", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6A113B67-B9B6-421C-9EC9-E1FB462A4214", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6518E4DA-9531-4135-8462-A9E3BDD7AE38", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B92B1F7-8139-4D5A-9461-0C7314BCCBC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5CAEB64-0676-4C18-8255-DACDA612188E", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "17F7A434-49DC-4005-9161-F2B49559621F", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D494932F-F639-44BE-B15C-7F07A67B0502", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2D45784-C53B-4A11-B1B3-BC68B514002D", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "E969979B-2852-453D-AF48-A462448D4C62", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "0E56E3E2-9142-47F5-B53E-61ACE4FA9A90", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "C593C44B-CB2B-4C38-A44D-BA1BC9BF3CDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "908DA549-0EE5-4B85-961F-1C67210F6AED", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "91FBBBC1-7106-4DA1-BBCF-9D776BB082ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B421C2D-290B-4439-BED6-4C0AEBAF484B", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "09685697-9D74-4ECA-ACB0-DF08A1442DF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D536C78-5619-4B01-A838-EB348B6D947E", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C3482E5-E818-40CE-A061-4469F3CAC702", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "388D7673-6BA7-4113-86E1-00F9A60C8796", "vulnerable": true}, {"criteria": "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B5B5D50-C251-4569-9D2C-49FB64702646", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en la funci\u00f3n normify en el m\u00f3dulo rlm_pap (modules/rlm_pap/rlm_pap.c) en FreeRADIUS 2.x, posiblemente 2.2.3 y anteriores, y 3.x, posiblemente 3.0.1 y anteriores, podr\u00eda permitir a atacantes causar una denagci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un hash de contrase\u00f1a largo, tal y como fue demostrado por un hash SSHA."}], "id": "CVE-2014-2015", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-02T00:55:03.313", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"}, {"source": "cve@mitre.org", "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"}, {"source": "cve@mitre.org", "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"}, {"source": "cve@mitre.org", "url": "http://ubuntu.com/usn/usn-2122-1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65581"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-2122-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1287", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "freeradius-0:2.2.6-4.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-07-20T00:00:00Z"}], "bugzilla": {"description": "freeradius: stack-based buffer overflow flaw in rlm_pap module", "id": "1066761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"}, "csaw": false, "cvss": {"cvss_base_score": "6.5", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.", "A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash."], "name": "CVE-2014-2015", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "freeradius2", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-02-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-2015\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2015"], "statement": "This issue affects the versions of freeradius2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 5 and 7.", "threat_severity": "Moderate"}

{}