6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.022 Low
EPSS
Percentile
89.6%
The freeradious development team reports:
Multiple issues exist with version 1.0.4, and all prior
versions of the server. Externally exploitable
vulnerabilities exist only for sites that use the
rlm_sqlcounter module. Those sites may be vulnerable to
SQL injection attacks, similar to the issues noted below.
All sites that have not deployed the rlm_sqlcounter module
are not vulnerable to external exploits.
The issues are:
SQL Injection attack in the rlm_sqlcounter module.
Buffer overflow in the rlm_sqlcounter module, that may cause
a server crash.
Buffer overflow while expanding %t, that may cause a server
crash.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | freeradius | = 1.0.0 | UNKNOWN |
FreeBSD | any | noarch | freeradius | <= 1.0.4 | UNKNOWN |