Lucene search

K
redhatRedHatRHSA-2005:524
HistoryJun 23, 2005 - 12:00 a.m.

(RHSA-2005:524) freeradius security update

2005-06-2300:00:00
access.redhat.com
12

0.005 Low

EPSS

Percentile

75.5%

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A buffer overflow bug was found in the way FreeRADIUS escapes data in an
SQL query. An attacker may be able to crash FreeRADIUS if they cause
FreeRADIUS to escape a string containing three or less characters. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1454 to this issue.

Additionally a bug was found in the way FreeRADIUS escapes SQL data. It is
possible that an authenticated user could execute arbitrary SQL queries by
sending a specially crafted request to FreeRADIUS. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1455 to this issue.

Users of FreeRADIUS should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.

0.005 Low

EPSS

Percentile

75.5%