(RHSA-2005:524) freeradius security update

2005-06-23T04:00:00
ID RHSA-2005:524
Type redhat
Reporter RedHat
Modified 2017-09-08T11:54:48

Description

FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network.

A buffer overflow bug was found in the way FreeRADIUS escapes data in an SQL query. An attacker may be able to crash FreeRADIUS if they cause FreeRADIUS to escape a string containing three or less characters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1454 to this issue.

Additionally a bug was found in the way FreeRADIUS escapes SQL data. It is possible that an authenticated user could execute arbitrary SQL queries by sending a specially crafted request to FreeRADIUS. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1455 to this issue.

Users of FreeRADIUS should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.