|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for libpam-radius-auth (DLA-2304-1)|
|Summary:||The remote host is missing an update for the 'libpam-radius-auth' package(s) announced via the DLA-2304-1 advisory.|
`add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not
correctly check the length of the input password, and is vulnerable
to a stack-based buffer overflow during memcpy(). An attacker could
send a crafted password to an application (loading the pam_radius
library) and crash it. Arbitrary code execution might be possible,
depending on the application, C library, compiler, and other factors.
'libpam-radius-auth' package(s) on Debian Linux.
For Debian 9 stretch, this problem has been fixed in version
We recommend that you upgrade your libpam-radius-auth packages.
Common Vulnerability Exposure (CVE) ID: CVE-2015-9542
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|