Executive Summary
Summary | |
---|---|
Title | freeradius security update |
Informations | |||
---|---|---|---|
Name | RHSA-2005:524 | First vendor Publication | 2005-06-23 |
Vendor | RedHat | Last vendor Modification | 2005-06-23 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated freeradius packages that fix a buffer overflow and possible SQL injection attacks in the sql module are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 3. Problem description: FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network. A buffer overflow bug was found in the way FreeRADIUS escapes data in an SQL query. An attacker may be able to crash FreeRADIUS if they cause FreeRADIUS to escape a string containing three or less characters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1454 to this issue. Additionally a bug was found in the way FreeRADIUS escapes SQL data. It is possible that an authenticated user could execute arbitrary SQL queries by sending a specially crafted request to FreeRADIUS. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1455 to this issue. Users of FreeRADIUS should update to these erratum packages, which contain backported patches and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 156941 - CAN-2005-1454 Multiple issues in freeradius (CAN-2005-1455) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-524.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9579 | |||
Oval ID: | oval:org.mitre.oval:def:9579 | ||
Title: | Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). | ||
Description: | Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1455 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9610 | |||
Oval ID: | oval:org.mitre.oval:def:9610 | ||
Title: | SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. | ||
Description: | SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1454 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for freeradius oes/CORE-9 File : nvt/sles9p5010921.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-13 (freeradius) File : nvt/glsa_200505_13.nasl |
2008-09-04 | Name : FreeBSD Ports: freeradius File : nvt/freebsd_freeradius0.nasl |
2008-09-04 | Name : FreeBSD Ports: freeradius, freeradius-mysql File : nvt/freebsd_freeradius4.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16457 | FreeRADIUS rlm_sql.c radius_xlat Function SQL Injection |
16456 | FreeRADIUS rlm_sql.c sql_escape_func Function Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-04-19 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c110eda2e99511dba9440012f06707f0.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-524.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2fbe16c2cab611d99aed000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2005-06-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-524.nasl - Type : ACT_GATHER_INFO |
2005-05-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200505-13.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:28 |
|