GLSA-201406-12 : FreeRADIUS: Arbitrary code execution
Severity: High
Nessus Plugin ID: 76063
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201406-12 (FreeRADIUS: Arbitrary code execution).
Large passwords can trigger a stack-based buffer overflow in FreeRADIUS’s rlm_pap module when authenticating against an LDAP server.
An authenticated user could set a specially crafted long password, possibly leading to arbitrary code execution or a Denial of Service condition.
There is no known workaround at this time.
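The defect class behind this advisory is a fixed-size stack buffer that receives a client-controlled password without a length check. The following is an added illustration of the bounded-copy pattern that prevents it; it is not FreeRADIUS's rlm_pap code, and the buffer limit, function names and status codes are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed limit for this example; it is not FreeRADIUS's own constant. */
#define PAP_PASSWORD_MAX 254

/* Status codes for the bounded copy (assumed names, not from the project). */
enum pap_copy_status { PAP_COPY_OK = 0, PAP_COPY_TOO_LONG = 1, PAP_COPY_BAD_ARG = 2 };

/*
 * Copy a client-supplied password into a fixed-size buffer, refusing input
 * that does not fit. The unsafe pattern this replaces is an unchecked
 * strcpy()/sprintf() of the attribute value into a stack array, which is
 * what lets an over-long password overwrite adjacent stack memory.
 * On success *out_len receives the number of bytes copied (excluding NUL).
 */
enum pap_copy_status pap_copy_password(char *dst, size_t dst_size,
                                       const char *src, size_t src_len,
                                       size_t *out_len)
{
    if (dst == NULL || src == NULL || dst_size == 0) return PAP_COPY_BAD_ARG;
    /* Both checks: must leave room for the terminator and respect the policy limit. */
    if (src_len >= dst_size || src_len > PAP_PASSWORD_MAX) {
        dst[0] = '\0';
        return PAP_COPY_TOO_LONG;
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    if (out_len) *out_len = src_len;
    return PAP_COPY_OK;
}

/*
 * Simulated authenticate step with a stack buffer, as a PAP-style module
 * might use before comparing against an LDAP result. Returns the accepted
 * password length, or -1 when the request is rejected as over-long.
 */
int pap_authenticate_demo(const char *password, size_t len)
{
    char buf[PAP_PASSWORD_MAX + 1];
    size_t n = 0;
    enum pap_copy_status st = pap_copy_password(buf, sizeof buf, password, len, &n);
    if (st != PAP_COPY_OK) {
        /* Reject the request instead of trusting the client's length. */
        return -1;
    }
    /* ... hashing/comparison against the directory's stored value would go here ... */
    return (int)n;
}

/* Helper: build a constructed password of `len` 'A' bytes and run it through the demo. */
int pap_authenticate_with_fill(size_t len)
{
    char *pw = malloc(len + 1);
    int rc;
    if (pw == NULL) return -2;
    memset(pw, 'A', len);
    pw[len] = '\0';
    rc = pap_authenticate_demo(pw, len);
    free(pw);
    return rc;
}

int main(void)
{
    printf("6-byte password   -> %d\n", pap_authenticate_with_fill(6));
    printf("254-byte password -> %d\n", pap_authenticate_with_fill(254));
    printf("600-byte password -> %d\n", pap_authenticate_with_fill(600));
    return 0;
}
```

The point of the two-part check is that the destination size, not the attacker-supplied length, decides whether the copy proceeds; a module that validates this before touching the stack buffer turns a memory-corruption bug into an ordinary authentication rejection.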
Solution
All FreeRADIUS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-dialup/freeradius-2.2.5'