GoogleOSV:DSA-1145-1freeradius - several
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.026 Low
EPSS
Percentile
88.8%
Several remote vulnerabilities have been discovered in freeradius, a
high-performance RADIUS server, which may lead to SQL injection or denial
of service. The Common Vulnerabilities and Exposures project identifies
the following problems:
- CVE-2005-4745
An SQL injection vulnerability has been discovered in the
rlm_sqlcounter module. - CVE-2005-4746
Multiple buffer overflows have been discovered, allowing denial of
service.
For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-4sarge3.
For the unstable distribution (sid) these problems have been fixed in
version 1.0.5-1.
We recommend that you upgrade your freeradius packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| freeradius | eq | 1.0.2-4 | |
| freeradius | eq | 1.0.2-4sarge1 |
References
Related
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.026 Low
EPSS
Percentile
88.8%