CVE-2015-9542

Name of the Vulnerable Software and Affected Versions pam radius version 1.4.0

Description The issue arises from the add password function in pam radius auth.c, which fails to correctly check the length of the input password. This oversight makes it vulnerable to a stack-based buffer overflow during the memcpy() operation. An attacker could exploit this by sending a crafted password to an application that loads the pam radius library, potentially crashing the application. Depending on various factors such as the application, C library, compiler, and other environmental elements, arbitrary code execution might be feasible.

Recommendations For pam radius version 1.4.0, consider updating to a newer version that addresses this issue, as the current version is susceptible to a stack-based buffer overflow. As a temporary workaround, consider restricting the use of the add password function in pam radius auth.c to minimize the risk of exploitation. Additionally, be cautious when handling input passwords to prevent potential crashes or arbitrary code execution.