FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-4744

This CVE name corresponds to:

Entered     Topic
2006-06-08  freeradius -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2005-4744
Phase  Assigned (20060328)

Description

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

References

Source    Reference
CONFIRM   http://www.freeradius.org/security/20050909-response-to-suse.txt
MISC      http://www.freeradius.org/security/20050909-vendor-sec.txt
MISC      https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676
DEBIAN    DSA-1089
MANDRIVA  MDKSA-2006:066
REDHAT    RHSA-2006:0271
SGI       20060404-01-U
BID       14775
OVAL      oval:org.mitre.oval:def:10449
SECUNIA   16712
SECUNIA   19497
SECUNIA   19518
SECUNIA   19811
SECUNIA   20461
XF        freeradius-token-sqlunixodbc-dos(22211)