ID CVE-2006-4181
Summary Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
References
Vulnerable Configurations
  • GNU Radius 1.2
    cpe:2.3:a:gnu:radius:1.2
  • GNU Radius 1.3
    cpe:2.3:a:gnu:radius:1.3
CVSS
Base: 10.0 (as of 28-11-2006 - 10:23)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200612-17.NASL
description The remote host is affected by the vulnerability described in GLSA-200612-17 (GNU Radius: Format string vulnerability).
A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the 'postgresql', 'mysql' or 'odbc' USE flags are enabled, which is not the default, except for the 'server' 2006.1 and 2007.0 profiles which enable the 'mysql' USE flag.
Impact: An unauthenticated remote attacker could execute arbitrary code with the privileges of the user running radiusd, which may be the root user. It is important to note that there is no default GNU Radius user for Gentoo systems because no init script is provided with the package.
Workaround: There is no known workaround at this time.
last seen 2019-02-21
modified 2015-04-13
plugin id 23874
published 2006-12-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=23874
title GLSA-200612-17 : GNU Radius: Format string vulnerability
refmap via4
bid 21303
gentoo GLSA-200612-17
idefense 20061126 GNU Radius Format String Vulnerability
sectrack 1017285
secunia 23087
vupen ADV-2006-4712
xf gnuradius-sqllog-format-string(30508)
statements via4
contributor Joshua Bressers
lastmodified 2006-12-04
organization Red Hat
statement Not Vulnerable. Red Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 07-03-2011 - 21:40
Published 27-11-2006 - 21:07
Last modified 19-07-2017 - 21:32