Security readout for executives and security teams
Plain-English summary
pam_radius 1.4.0 can mishandle an overly long password and overflow stack memory. An attacker who can submit a password to an application using this PAM RADIUS module could crash that application. Code execution is described as possible, but source evidence says it depends on deployment-specific factors.
Executive priority
Treat as a targeted authentication-service stability risk with possible code-execution implications. Prioritize systems where PAM RADIUS protects remote access, VPN, administrative login, or exposed application authentication.
Technical view
The flaw is in add_password in pam_radius_auth.c. A password length check is incorrect before memcpy(), creating a stack-based buffer overflow in pam_radius 1.4.0. Impact is at least denial of service for applications loading the module; arbitrary code execution is possible only under certain application, C library, compiler, and runtime conditions.
Likely exposure
Exposure is most likely on Linux systems using pam_radius or distro package libpam-radius-auth for PAM-backed RADIUS authentication. The supplied affected-product metadata is incomplete, so inventory should focus on installed packages and PAM configurations referencing the module.
Exploitation context
The source bundle does not show CISA KEV listing or cited evidence of active exploitation. The documented attack condition is a crafted password supplied to an application loading pam_radius, causing a crash and possibly more depending on local hardening.
Researcher notes
The public data lacks CVSS, CWE, and complete CPEs. The key evidence is the upstream commit and Debian/Ubuntu/Red Hat advisories. Exploitability analysis should account for stack protections, compiler flags, C library behavior, and the consuming PAM application.
Mitigation direction
- Update pam_radius or libpam-radius-auth using Debian, Ubuntu, Red Hat, or vendor guidance.
- Prioritize internet-facing or high-volume authentication services using PAM RADIUS.
- Check whether vendor packages include the FreeRADIUS upstream fix.
- Review vendor advisories for supported versions and distribution-specific patch status.
Validation and detection
- Inventory hosts for pam_radius or libpam-radius-auth installations.
- Inspect PAM configuration for pam_radius_auth.so references.
- Confirm installed packages include the vendor security update or upstream fix.
- Review authentication-service crash logs around PAM or RADIUS password handling.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
Execution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCredential and access behavior lookup
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCVE-2015-9542 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0CVE reference · x_refsource_MISC
- [debian-lts-announce] 20200222 [SECURITY] [DLA 2116-1] libpam-radius-auth security updateCVE reference · mailing-list, x_refsource_MLIST
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542CVE reference · x_refsource_CONFIRM
- USN-4290-1CVE reference · vendor-advisory, x_refsource_UBUNTU
- USN-4290-2CVE reference · vendor-advisory, x_refsource_UBUNTU
- [debian-lts-announce] 20200801 [SECURITY] [DLA 2304-1] libpam-radius-auth security updateCVE reference · mailing-list, x_refsource_MLIST
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
