freeradius -- multiple vulnerabilities

ID EC2F2FF5-F710-11DA-9156-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-09-09T00:00:00


The freeradius development team reports:

Multiple issues exist with version 1.0.4, and all prior versions of the server. Externally exploitable vulnerabilities exist only for sites that use the rlm_sqlcounter module. Those sites may be vulnerable to SQL injection attacks, similar to the issues noted below. All sites that have not deployed the rlm_sqlcounter module are not vulnerable to external exploits.

The issues are:

- SQL Injection attack in the rlm_sqlcounter module.
- Buffer overflow in the rlm_sqlcounter module, that may cause a server crash.
- Buffer overflow while expanding %t, that may cause a server crash.