6.4

CVE-2005-4744

EPSS 2.53%
Veröffentlicht 31.12.2005 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail.  NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS.  Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues.  Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 18

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freeradius ≫ Freeradius Version1.0.3

Freeradius ≫ Freeradius Version1.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.53%	0.84

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

http://rhn.redhat.com/errata/RHSA-2006-0271.html

http://secunia.com/advisories/16712

Vendor Advisory

http://secunia.com/advisories/19497

http://secunia.com/advisories/19518

http://secunia.com/advisories/19811

http://secunia.com/advisories/20461

http://www.debian.org/security/2006/dsa-1089

http://www.freeradius.org/security/20050909-response-to-suse.txt

http://www.freeradius.org/security/20050909-vendor-sec.txt

http://www.securityfocus.com/bid/14775

Patch

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676

https://exchange.xforce.ibmcloud.com/vulnerabilities/22211

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449

https://nvd.nist.gov/vuln/detail/CVE-2005-4744

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4744

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4744

EUVD