Vulnerability Name: | CVE-2005-4744 (CCN-22211)
Assigned: | 2005-09-09
Published: | 2005-09-09
Updated: | 2023-02-13
Summary: | Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. Note: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Vulnerability Consequences: | Denial of Service
References: |
Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com
Source: MITRE Type: CNA CVE-2005-4744
Source: CCN Type: RHSA-2006-0271 freeradius security update
Source: CCN Type: SA16712 FreeRADIUS Multiple Vulnerabilities
Source: CCN Type: ASA-2006-100 freeradius security update (RHSA-2006-0271)
Source: DEBIAN Type: DSA-1089 freeradius -- several vulnerabilities
Source: CCN Type: FreeRADIUS Web site FreeRADIUS -- building the perfect RADIUS server
Source: CCN Type: BID-14775 FreeRADIUS Multiple Remote Vulnerabilities
Source: secalert@redhat.com Type: Patch secalert@redhat.com
Source: XF Type: UNKNOWN freeradius-token-sqlunixodbc-dos(22211)
Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1: Denotes that component is vulnerable