FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-1454

This CVE name corresponds to:

Entered Topic
2007-04-13 freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-1454
Phase Assigned(20050505)

Description

SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.

References

Source Reference
GENTOO GLSA-200505-13
REDHAT RHSA-2005:524
SUSE SUSE-SR:2005:014
FULLDISC 20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability
CONFIRM http://www.freeradius.org/security.html
BID 13540
OVAL oval:org.mitre.oval:def:9610
SECTRACK 1013909
XF freeradius-xlat-sql-injection(20449)