CVE-2005-4744
First published: Sat Dec 31 2005(Updated: )
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeRADIUS FreeRADIUS | =1.0.4 | |
| FreeRADIUS FreeRADIUS | =1.0.3 | |
| FreeRADIUS | =1.0.3 | |
| FreeRADIUS | =1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.freeradius.org/security/20050909-response-to-suse.txt
- http://www.freeradius.org/security/20050909-vendor-sec.txt
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676
- http://www.securityfocus.com/bid/14775
- http://secunia.com/advisories/16712
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066
- http://rhn.redhat.com/errata/RHSA-2006-0271.html
- http://secunia.com/advisories/19497
- http://secunia.com/advisories/19518
- http://secunia.com/advisories/19811
- http://www.debian.org/security/2006/dsa-1089
- http://secunia.com/advisories/20461
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22211
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449
Frequently Asked Questions
What is the severity of CVE-2005-4744?
CVE-2005-4744 is classified as a medium severity vulnerability due to its potential to cause denial of service and the risk of arbitrary code execution.
How do I fix CVE-2005-4744?
To fix CVE-2005-4744, update FreeRADIUS to the latest version that addresses this vulnerability.
Which versions of FreeRADIUS are affected by CVE-2005-4744?
CVE-2005-4744 affects FreeRADIUS versions 1.0.2.5-5, 1.0.3, and 1.0.4.
What type of vulnerability is CVE-2005-4744?
CVE-2005-4744 is an off-by-one error vulnerability that can lead to crashes and potential arbitrary code execution.
Can CVE-2005-4744 be exploited remotely?
Yes, CVE-2005-4744 can be exploited by remote attackers to cause a denial of service.
- agent/references
- agent/author
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/description
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- collector/nvd-index
- vendor/freeradius
- canonical/freeradius freeradius
- version/freeradius freeradius/1.0.4
- version/freeradius freeradius/1.0.3
- canonical/freeradius
- version/freeradius/1.0.3
- version/freeradius/1.0.4