1.0.4

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

freeradius

nessus

NVD

Published: 2005-12-31

Updated: 2024-11-21

Summary

SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

Vulnerable Configurations

Part	Description	Count
Application	Freeradius Freeradius Freeradius 1.0.4 Freeradius Freeradius 1.0.3	2

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1145.NASL
description	Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4745 A SQL injection vulnerability has been discovered in the rlm_sqlcounter module. - CVE-2005-4746 Multiple buffer overflows have been discovered, allowing denial of service.
last seen	2020-06-01
modified	2020-06-02
plugin id	22687
published	2006-10-14
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22687
title	Debian DSA-1145-1 : freeradius - several vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1145. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22687); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2005-4745", "CVE-2005-4746"); script_xref(name:"DSA", value:"1145"); script_name(english:"Debian DSA-1145-1 : freeradius - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4745 A SQL injection vulnerability has been discovered in the rlm_sqlcounter module. - CVE-2005-4746 Multiple buffer overflows have been discovered, allowing denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4745" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2005-4746" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1145" ); script_set_attribute( attribute:"solution", value: "Upgrade the freeradius packages. For the stable distribution (sarge) these problems have been fixed in version 1.0.2-4sarge3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:freeradius"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"freeradius", reference:"1.0.2-4sarge3")) flag++; if (deb_check(release:"3.1", prefix:"freeradius-dialupadmin", reference:"1.0.2-4sarge3")) flag++; if (deb_check(release:"3.1", prefix:"freeradius-iodbc", reference:"1.0.2-4sarge3")) flag++; if (deb_check(release:"3.1", prefix:"freeradius-krb5", reference:"1.0.2-4sarge3")) flag++; if (deb_check(release:"3.1", prefix:"freeradius-ldap", reference:"1.0.2-4sarge3")) flag++; if (deb_check(release:"3.1", prefix:"freeradius-mysql", reference:"1.0.2-4sarge3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_C110EDA2E99511DBA9440012F06707F0.NASL
description	The freeradius development team reports : A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an
last seen	2020-06-01
modified	2020-06-02
plugin id	25051
published	2007-04-19
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25051
title	FreeBSD : freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability (c110eda2-e995-11db-a944-0012f06707f0)

Statements

contributor	Mark J Cox
lastmodified	2006-08-30
organization	Red Hat
statement	Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

Summary

Vulnerable Configurations

Nessus

Statements

References