ID CVE-2005-4744
Summary Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
References
Vulnerable Configurations
  • cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 13-02-2023 - 02:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:P
oval via4
accepted 2013-04-29T04:05:47.484-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
family unix
id oval:org.mitre.oval:def:10449
status accepted
submitted 2010-07-09T03:56:16-04:00
title Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
version 29
redhat via4
advisories
rhsa
id RHSA-2006:0271
rpms
  • freeradius-0:1.0.1-2.RHEL3.2
  • freeradius-0:1.0.1-3.RHEL4.3
  • freeradius-debuginfo-0:1.0.1-2.RHEL3.2
  • freeradius-debuginfo-0:1.0.1-3.RHEL4.3
  • freeradius-mysql-0:1.0.1-3.RHEL4.3
  • freeradius-postgresql-0:1.0.1-3.RHEL4.3
  • freeradius-unixODBC-0:1.0.1-3.RHEL4.3
refmap via4
bid 14775
confirm http://www.freeradius.org/security/20050909-response-to-suse.txt
debian DSA-1089
mandriva MDKSA-2006:066
misc
secunia
  • 16712
  • 19497
  • 19518
  • 19811
  • 20461
sgi 20060404-01-U
xf freeradius-token-sqlunixodbc-dos(22211)
Last major update 13-02-2023 - 02:15
Published 31-12-2005 - 05:00
Last modified 13-02-2023 - 02:15
Back to Top