{
  "threat_severity" : "Moderate",
  "public_date" : "2014-02-12T00:00:00Z",
  "bugzilla" : {
    "description" : "freeradius: stack-based buffer overflow flaw in rlm_pap module",
    "id" : "1066761",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"
  },
  "cvss" : {
    "cvss_base_score" : "6.5",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-121",
  "details" : [ "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.", "A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash." ],
  "statement" : "This issue affects the versions of freeradius2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in the Production 3 Phase of its support and maintenance life cycle. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 5 and 7.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-20T00:00:00Z",
    "advisory" : "RHSA-2015:1287",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "freeradius-0:2.2.6-4.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "freeradius",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "freeradius2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "freeradius",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-2015\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2015" ],
  "name" : "CVE-2014-2015",
  "csaw" : false
}