Vulnerabilities > CVE-2005-4745 - SQL Injection vulnerability in FreeRADIUS 1.0.3/1.0.4
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. The vendor released version 1.1.1 to address this issue.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-1145.NASL
description Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4745 A SQL injection vulnerability has been discovered in the rlm_sqlcounter module. - CVE-2005-4746 Multiple buffer overflows have been discovered, allowing denial of service.
last seen 2020-06-01
modified 2020-06-02
plugin id 22687
published 2006-10-14
reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/22687
title Debian DSA-1145-1 : freeradius - several vulnerabilities
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1145. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Reading guide:
#   - The script first registers its metadata (the `description` branch),
#     then compares the freeradius packages of a Debian 3.1 host against
#     the fixed package version 1.0.2-4sarge3.
#   - It is a local package-version check (plugin_type "local"): it works
#     from knowledge-base items such as Host/Debian/dpkg-l and nothing in
#     this script contacts the RADIUS service or reads its configuration.
#     A finding therefore means "the fixed package is not installed", not
#     "rlm_sqlcounter is enabled and reachable on this host".
#   - 1.0.2-4sarge3 is Debian's package version. It is numerically lower
#     than the upstream 1.0.3/1.0.4 named in the CVE summary, so patch
#     status on Debian has to be judged by the distribution version, not
#     by the upstream release number.

include("compat.inc");

# Registration branch: only metadata is declared here, then the script exits.
if (description)
{
  script_id(22687);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2005-4745", "CVE-2005-4746");
  script_xref(name:"DSA", value:"1145");

  script_name(english:"Debian DSA-1145-1 : freeradius - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  # The advisory text below is a runtime string and is reproduced exactly as
  # it appears in the listing, including its line break.
  script_set_attribute(
    attribute:"description",
    value:
"Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4745 A SQL injection vulnerability has been discovered in the rlm_sqlcounter module. 
- CVE-2005-4746 Multiple buffer overflows have been discovered, allowing denial of service."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4745"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4746"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1145"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the freeradius packages. For the stable distribution (sarge) these problems have been fixed in version 1.0.2-4sarge3."
  );
  # NOTE(review): this vector scores availability only (C:N/I:N/A:C), while
  # the plugin also covers the CVE-2005-4745 SQL injection, which the CVE
  # record rates PARTIAL for confidentiality, integrity and availability.
  # Do not read the plugin score as the impact of the SQL injection alone.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:freeradius");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # The three keys required here are the same ones re-checked below;
  # presumably ssh_get_info.nasl is what populates them -- confirm.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions: without local checks, a Debian release and a package list
# there is nothing to compare, so the script audits out with the reason.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


# Each freeradius package is compared against the fixed version, in the same
# order as the original listing. deb_check comes from debian_package.inc (not
# shown here); presumably it is true when the installed package is older than
# `reference` -- confirm against the include.
flag = 0;
foreach deb_pkg (make_list(
  "freeradius",
  "freeradius-dialupadmin",
  "freeradius-iodbc",
  "freeradius-krb5",
  "freeradius-ldap",
  "freeradius-mysql"
))
{
  if (deb_check(release:"3.1", prefix:deb_pkg, reference:"1.0.2-4sarge3")) flag++;
}

# No package flagged: report the host as not affected. Otherwise raise the
# finding, attaching the package report when verbosity allows it.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_C110EDA2E99511DBA9440012F06707F0.NASL
description The freeradius development team reports : A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an [description truncated in the listing]
last seen 2020-06-01
modified 2020-06-02
plugin id 25051
published 2007-04-19
reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/25051
title FreeBSD : freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability (c110eda2-e995-11db-a944-0012f06707f0)
Statements
contributor | Mark J Cox |
lastmodified | 2006-08-30 |
organization | Red Hat |
statement | Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. |