Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-1454
Last Modified: 21 Aug 2010 12:28:53
Published: 19 May 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-1454

Summary

SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.

Vulnerable Systems

Application

  • FreeRADIUS 1.0.2

References

BID - 13540

GENTOO - GLSA-200505-13

XF - freeradius-xlat-sql-injection(20449)

SECTRACK - 1013909

SUSE - SUSE-SR:2005:014

CONFIRM - http://www.freeradius.org/security.html

FULLDISC - 20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability

REDHAT - RHSA-2005:524

Related Patches

Red Hat 2005:524-05 RHSA freeradius security update for RHEL 4 x86


Last Updated: 27 May 2016 10:40:10