A vulnerability was found in pam_radius: the password length check was done incorrectly in the add_password() function, resulting in a stack-based buffer overflow.
This could be used to crash (DoS) an application using the PAM stack for authentication.
Upstream fixes:
Created pam_radius tracking bugs for this issue:
Affects: epel-6 [bug 1802060]
- Fixed in epel-8 since release,
- Fixed in Fedora since pam_radius-1.4.0-14 (in Fedora 28),
- Fixed in epel-7 since pam_radius-1.4.0-4.
As shipped in epel-6, the gcc compiler opts for __memcpy_chk() [with the correct buffer length] to ensure that there is a crash instead of an overflow. Thus it is believed that only a Denial of Service can be triggered using this flaw.
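An added example, not pam_radius code or the upstream patch: a bounded password-padding routine in C that clamps the length before any copy, the kind of check the report describes as done incorrectly. The helper names, the 16-octet block and 128-octet cap (RFC 2865 User-Password rules) and the 300-byte input are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 16   /* User-Password is padded to 16-octet blocks (RFC 2865) */
#define MAX_PASS  128  /* RFC 2865 upper bound for User-Password */

/* Hypothetical helper (not pam_radius code): copy password into out,
 * zero-padded to a block multiple. Returns padded length, 0 if out is too small. */
size_t pad_password(const char *password, unsigned char *out, size_t out_size)
{
    size_t length = strlen(password);

    if (length > MAX_PASS)          /* clamp before any arithmetic or copy */
        length = MAX_PASS;

    size_t padded = (length == 0) ? BLOCK_LEN
                  : (length + BLOCK_LEN - 1) & ~(size_t)(BLOCK_LEN - 1);
    if (padded > out_size)
        return 0;

    memset(out, 0, padded);
    memcpy(out, password, length);  /* copy the clamped length, never strlen() */
    return padded;
}

/* Constructed input: a 300-byte password against a 128-byte buffer followed by
 * a guard region. Returns the padded length if the guard is untouched, else -1. */
long check_oversized_password(void)
{
    struct { unsigned char buf[MAX_PASS]; unsigned char guard[16]; } s;
    char long_pw[301];

    memset(long_pw, 'A', 300);
    long_pw[300] = '\0';
    memset(s.guard, 0x5a, sizeof s.guard);

    size_t n = pad_password(long_pw, s.buf, sizeof s.buf);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5a)
            return -1;
    return (long)n;
}

int main(void)
{
    printf("padded length: %ld\n", check_oversized_password());
    return 0;
}
```

The clamp silently truncates an oversized password; a caller that prefers to reject such input can compare `strlen()` against `MAX_PASS` before calling the helper.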