Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2005-4744
Last Modified 21 Aug 2010 12:36:59
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4744

Summary

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

Vulnerable Systems

Application

  • FreeRADIUS 1.0.3

  • FreeRADIUS 1.0.4


References

XF - freeradius-token-sqlunixodbc-dos(22211)

BID - 14775

MISC - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676

MISC - http://www.freeradius.org/security/20050909-vendor-sec.txt

CONFIRM - http://www.freeradius.org/security/20050909-response-to-suse.txt

SECUNIA - 16712

MANDRIVA - MDKSA-2006:066

DEBIAN - DSA-1089

SECUNIA - 20461

SECUNIA - 19811

SECUNIA - 19518

SECUNIA - 19497

REDHAT - RHSA-2006:0271

SGI - 20060404-01-U

Related Patches

Red Hat 2006:0271-12 RHSA freeradius security update for RHEL 4 x86


Last Updated: 27 May 2016 10:41:25