CVE-2005-4746 - RLM_SQLCounter Buffer Overflow vulnerability in FreeRADIUS 1.0.3/1.0.4
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | COMPLETE |
Summary
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1145.NASL |
description | Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: (1) CVE-2005-4745: A SQL injection vulnerability has been discovered in the rlm_sqlcounter module. (2) CVE-2005-4746: Multiple buffer overflows have been discovered, allowing denial of service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22687 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22687 |
title | Debian DSA-1145-1 : freeradius - several vulnerabilities |
Statements
contributor | Mark J Cox |
lastmodified | 2006-08-30 |
organization | Red Hat |
statement | Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. |
References
- http://www.debian.org/security/2006/dsa-1145
- http://www.freeradius.org/security.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:066
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:092
- http://www.osvdb.org/19324
- http://www.osvdb.org/19325
- http://www.securityfocus.com/bid/17293