ID CVE-2005-4745
Summary SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. The vendor released version 1.1.1 to address this issue.
References
Vulnerable Configurations
  • cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 02-04-2010 - 06:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 17294
confirm http://www.freeradius.org/security.html
debian DSA-1145
mandriva MDKSA-2007:092
osvdb 19323
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 02-04-2010 - 06:30
Published 31-12-2005 - 05:00
Last modified 02-04-2010 - 06:30