ID CVE-2005-4746
Summary Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
References
Vulnerable Configurations
  • cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 02-04-2010 - 06:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 17293
confirm http://www.freeradius.org/security.html
debian DSA-1145
mandriva
  • MDKSA-2006:066
  • MDKSA-2007:092
osvdb
  • 19324
  • 19325
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 02-04-2010 - 06:30
Published 31-12-2005 - 05:00
Last modified 02-04-2010 - 06:30