Search CVE reports
1 – 3 of 3 results
Some fixes available 11 of 21
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix...
3 affected packages
freeradius, krb5, libpam-radius-auth
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| freeradius | Fixed | Fixed | Fixed | Vulnerable |
| krb5 | Fixed | Fixed | Fixed | Fixed |
| libpam-radius-auth | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an...
1 affected package
libpam-radius-auth
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libpam-radius-auth | — | — | — | Fixed |
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with...
1 affected package
libpam-radius-auth
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libpam-radius-auth | — | — | — | — |