Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2005:524
HistoryJun 23, 2005 - 12:00 a.m.

(RHSA-2005:524) freeradius security update

2005-06-2300:00:00
access.redhat.com
12

0.005 Low

EPSS

Percentile

75.5%

JSON

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A buffer overflow bug was found in the way FreeRADIUS escapes data in an
SQL query. An attacker may be able to crash FreeRADIUS if they cause
FreeRADIUS to escape a string containing three or less characters. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1454 to this issue.

Additionally a bug was found in the way FreeRADIUS escapes SQL data. It is
possible that an authenticated user could execute arbitrary SQL queries by
sending a specially crafted request to FreeRADIUS. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1455 to this issue.

Users of FreeRADIUS should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386freeradius-unixodbc< 1.0.1-3.RHEL4freeradius-unixODBC-1.0.1-3.RHEL4.i386.rpm
RedHatanys390freeradius-postgresql< 1.0.1-3.RHEL4freeradius-postgresql-1.0.1-3.RHEL4.s390.rpm
RedHatanyppcfreeradius-postgresql< 1.0.1-3.RHEL4freeradius-postgresql-1.0.1-3.RHEL4.ppc.rpm
RedHatanyx86_64freeradius-postgresql< 1.0.1-3.RHEL4freeradius-postgresql-1.0.1-3.RHEL4.x86_64.rpm
RedHatanyi386freeradius-mysql< 1.0.1-3.RHEL4freeradius-mysql-1.0.1-3.RHEL4.i386.rpm
RedHatanyppcfreeradius< 1.0.1-3.RHEL4freeradius-1.0.1-3.RHEL4.ppc.rpm
RedHatanys390freeradius< 1.0.1-3.RHEL4freeradius-1.0.1-3.RHEL4.s390.rpm
RedHatanyia64freeradius-postgresql< 1.0.1-3.RHEL4freeradius-postgresql-1.0.1-3.RHEL4.ia64.rpm
RedHatanys390xfreeradius-postgresql< 1.0.1-3.RHEL4freeradius-postgresql-1.0.1-3.RHEL4.s390x.rpm
RedHatanyx86_64freeradius-unixodbc< 1.0.1-3.RHEL4freeradius-unixODBC-1.0.1-3.RHEL4.x86_64.rpm
Rows per page:
1-10 of 251

Related

nessus 5
openvas 8
centos 1
gentoo 1
freebsd 1
cvelist 2
cve 2
debiancve 2
ubuntucve 2
nvd 2
nessus
nessus
CentOS 3 / 4 : freeradius (CESA-2005:524)
2006-07-03 00:00:00
RHEL 4 : freeradius (RHSA-2005:524)
2005-06-24 00:00:00
FreeBSD : freeradius -- sql injection and denial of service vulnerability (2fbe16c2-cab6-11d9-9aed-000e0c2e438a)
2005-07-13 00:00:00
openvas
openvas
SLES9: Security update for freeradius oes/CORE-9
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200505-13 (freeradius)
2008-09-24 00:00:00
SLES9: Security update for freeradius oes/CORE-9
2009-10-10 00:00:00
centos
centos
freeradius security update
2005-06-23 20:24:57
gentoo
gentoo
FreeRADIUS: SQL injection and Denial of Service vulnerability
2005-05-17 00:00:00
freebsd
freebsd
freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability
2007-04-10 00:00:00
cvelist
cvelist
CVE-2005-1455
2005-05-19 04:00:00
CVE-2005-1454
2005-05-19 04:00:00
cve
cve
CVE-2005-1454
2005-05-19 04:00:00
CVE-2005-1455
2005-05-19 04:00:00
debiancve
debiancve
CVE-2005-1454
2005-05-19 04:00:00
CVE-2005-1455
2005-05-19 04:00:00
ubuntucve
ubuntucve
CVE-2005-1455
2005-05-19 00:00:00
CVE-2005-1454
2005-05-19 00:00:00
nvd
nvd
CVE-2005-1454
2005-05-19 04:00:00
CVE-2005-1455
2005-05-19 04:00:00

0.005 Low

EPSS

Percentile

75.5%

JSON
Related for RHSA-2005:524
nessus5openvas8centos1gentoo1freebsd1cvelist2cve2debiancve2ubuntucve2nvd2