Executive Summary

Summary
Title: freeradius security update
Information
Name: RHSA-2005:524
First vendor Publication: 2005-06-23
Vendor: RedHat
Last vendor Modification: 2005-06-23
Severity (Vendor): Moderate
Revision: 01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

Problem Description:

Updated freeradius packages that fix a buffer overflow and possible SQL injection attacks in the sql module are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

3. Problem description:

FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network.

A buffer overflow bug was found in the way FreeRADIUS escapes data in an SQL query. An attacker may be able to crash FreeRADIUS if they cause FreeRADIUS to escape a string containing three or fewer characters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1454 to this issue.

Additionally, a bug was found in the way FreeRADIUS escapes SQL data. It is possible that an authenticated user could execute arbitrary SQL queries by sending a specially crafted request to FreeRADIUS. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1455 to this issue.

Users of FreeRADIUS should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

156941 - CAN-2005-1454 Multiple issues in freeradius (CAN-2005-1455)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-524.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9610
 
Oval ID: oval:org.mitre.oval:def:9610
Title: SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
Description: SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
Family: unix
Class: vulnerability
Reference(s): CVE-2005-1454
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9579
 
Oval ID: oval:org.mitre.oval:def:9579
Title: Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
Description: Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
Family: unix
Class: vulnerability
Reference(s): CVE-2005-1455
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Application
Count: 1

OpenVAS Exploits

Date : 2009-10-10
Name : SLES9: Security update for freeradius oes/CORE-9
File : nvt/sles9p5010921.nasl

Date : 2008-09-24
Name : Gentoo Security Advisory GLSA 200505-13 (freeradius)
File : nvt/glsa_200505_13.nasl

Date : 2008-09-04
Name : FreeBSD Ports: freeradius
File : nvt/freebsd_freeradius0.nasl

Date : 2008-09-04
Name : FreeBSD Ports: freeradius, freeradius-mysql
File : nvt/freebsd_freeradius4.nasl

Open Source Vulnerability Database (OSVDB)

Id : 16457
Description : FreeRADIUS rlm_sql.c radius_xlat Function SQL Injection

Id : 16456
Description : FreeRADIUS rlm_sql.c sql_escape_func Function Overflow

Nessus® Vulnerability Scanner

Date : 2007-04-19
Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c110eda2e99511dba9440012f06707f0.nasl - Type : ACT_GATHER_INFO

Date : 2006-07-03
Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-524.nasl - Type : ACT_GATHER_INFO

Date : 2005-07-13
Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2fbe16c2cab611d99aed000e0c2e438a.nasl - Type : ACT_GATHER_INFO

Date : 2005-06-24
Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-524.nasl - Type : ACT_GATHER_INFO

Date : 2005-05-17
Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200505-13.nasl - Type : ACT_GATHER_INFO

Alert History

Date : 2014-02-17 11:49:28
Information : Multiple Updates