Date: Sun, 16 Feb 2014 10:45:12 +0100
From: Florian Weimer <>
Subject: CVE request: freeradius denial of service in rlm_pap hash processing

SSHA (and presumably SSHA) processing runs into a stack-based buffer
overflow in the freeradius rlm_pap module if the password source uses
an unusually long hashed password, as reported publicly here:


(Also see the discussion in the follow-ups.)

Fix for 2.x:


Fix for 3.x:


Fix for the master branch:

