Vulnerability Name: CVE-2005-1454 (CCN-20449)
Assigned: 2005-05-04
Published: 2005-05-04
Updated: 2017-10-11
Summary: SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Data Manipulation
References:
Source: CCN Type: Debian Bug report logs - #307720 freeradius: Few possible security problems
Source: MITRE Type: CNA CVE-2005-1454
Source: CCN Type: RHSA-2005-524 freeradius security update
Source: CCN Type: SECTRACK ID: 1013909 FreeBSD `rlm_sql.c` Contains SQL Injection and Buffer Overflow Bugs
Source: FULLDISC Type: UNKNOWN 20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability
Source: CCN Type: FreeRADIUS Web site FreeRADIUS -- building the perfect RADIUS server
Source: CONFIRM Type: UNKNOWN http://www.freeradius.org/security.html
Source: CCN Type: GLSA-200505-13 FreeRADIUS: SQL injection and Denial of Service vulnerability
Source: GENTOO Type: Patch GLSA-200505-13
Source: SUSE Type: UNKNOWN SUSE-SR:2005:014
Source: REDHAT Type: UNKNOWN RHSA-2005:524
Source: BID Type: Patch 13540
Source: CCN Type: BID-13540 FreeRadius RLM_SQL.C SQL Injection Vulnerability
Source: SECTRACK Type: UNKNOWN 1013909
Source: XF Type: UNKNOWN freeradius-xlat-sql-injection(20449)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9610
Source: SUSE Type: SUSE-SR:2005:014 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration CCN 1: Denotes that component is vulnerable