Debian Libpam-Radius-Auth vulnerabilities
3 known vulnerabilities affecting debian/libpam-radius-auth.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 1
Vulnerabilities
CVE-2015-9542 | HIGH | CVSS 7.5 | fixed in libpam-radius-auth 1.4.0-3 (bookworm) | 2015
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the applicatio
debian
CVE-2005-0108 | MEDIUM | CVSS 5.0 | fixed in libapache-mod-auth-radius 1.5.7-6 (bullseye) | 2005
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
Scope: local
bullseye: resolved (fixed in 1.5.7-6)
debian
CVE-2004-1340 | LOW | CVSS 2.1 | fixed in libpam-radius-auth 1.3.16-1.1 (bookworm) | 2004
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.
Scope: local
bookworm: resolved (fixed in 1.3.16-1.1)
bullseye: resolved (fixed in 1.3.16-1.1)
forky: resolved (fixed in 1.3.16-1.1)
sid: resolved (fixed in 1.3.16-1.1)
trixie: resolved
debian