CVE - CVE-2005-4744

CVE-ID
CVE-2005-4744	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:14775 URL:http://www.securityfocus.com/bid/14775 MISC:16712 URL:http://secunia.com/advisories/16712 MISC:19497 URL:http://secunia.com/advisories/19497 MISC:19518 URL:http://secunia.com/advisories/19518 MISC:19811 URL:http://secunia.com/advisories/19811 MISC:20060404-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc MISC:20461 URL:http://secunia.com/advisories/20461 MISC:DSA-1089 URL:http://www.debian.org/security/2006/dsa-1089 MISC:MDKSA-2006:066 URL:~~http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066~~ (Obsolete source) MISC:RHSA-2006:0271 URL:http://rhn.redhat.com/errata/RHSA-2006-0271.html MISC:freeradius-token-sqlunixodbc-dos(22211) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/22211 MISC:http://www.freeradius.org/security/20050909-response-to-suse.txt URL:http://www.freeradius.org/security/20050909-response-to-suse.txt MISC:http://www.freeradius.org/security/20050909-vendor-sec.txt URL:http://www.freeradius.org/security/20050909-vendor-sec.txt MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676 MISC:oval:org.mitre.oval:def:10449 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449
Assigning CNA
Red Hat, Inc.
Date Record Created
20060328	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060328)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)