FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-1455

This CVE name corresponds to:

Entered Topic
2007-04-13 freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-1455 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-1455
Phase Assigned(20050505)

Description

Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).

References

Source Reference
GENTOO GLSA-200505-13
REDHAT RHSA-2005:524
SUSE SUSE-SR:2005:014
FULLDISC 20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability
CONFIRM http://www.freeradius.org/security.html
BID 13541
OVAL oval:org.mitre.oval:def:9579
SECTRACK 1013909
XF freeradius-sqlescapefunc-bo(20450)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.