SecurityTracker.com
Category:   Application (Security)  >   FreeRADIUS
Vendors:   FreeRADIUS Server Project
FreeBSD 'rlm_sql.c' Contains SQL Injection and Buffer Overflow Bugs
SecurityTracker Alert ID:  1013909
SecurityTracker URL:  http://securitytracker.com/id/1013909
CVE Reference:   CVE-2005-1454, CVE-2005-1455
Updated:  Jun 14 2005
Original Entry Date:  May 6 2005
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.0.2
Description:   Two vulnerabilities were reported in FreeRADIUS. A remote authenticated user may be able to inject SQL commands. A remote user may also be able to execute arbitrary code on the target system.

The software makes a radius_xlat() function call to compose an SQL query based on user-supplied data but does not properly validate the data. A remote authenticated user may be able to execute SQL commands on the underlying database.

A buffer overflow resides in the sql_escape_func() function.

The flaws reside in '/src/modules/rlm_sql/rlm_sql.c'.
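
The boundary-error class described above, shown as an added example (this is not FreeRADIUS code and not the vendor's fix): an escape routine whose output can grow must check the remaining space against the full expanded size before writing. The "=XX" encoding, the allow-list and the name escape_bounded() are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allow-list, chosen for this example only. */
static const char allowed[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@.-_: /";

/*
 * Escape `in` into `out` (capacity `outlen`, terminator included).
 * Bytes outside the allow-list are written as "=XX" (three bytes).
 * Returns the escaped length, or -1 if the result does not fit, so the
 * caller can reject the request instead of running a truncated query.
 */
static int escape_bounded(char *out, size_t outlen, const char *in)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t used = 0;

    if (out == NULL || in == NULL || outlen == 0)
        return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        int safe = c >= 32 && c < 127 && strchr(allowed, c) != NULL;
        size_t need = safe ? 1 : 3;

        /* Room for this unit plus the NUL is checked BEFORE any write;
         * checking only for one free byte would let "=XX" overrun. */
        if (need + 1 > outlen - used) {
            out[used] = '\0';          /* used < outlen always holds */
            return -1;
        }
        if (safe) {
            out[used++] = (char)c;
        } else {
            out[used++] = '=';
            out[used++] = hex[c >> 4];
            out[used++] = hex[c & 0x0F];
        }
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    char buf[32];
    int n = escape_bounded(buf, sizeof buf, "o'brien"); /* constructed input */
    printf("%d %s\n", n, n >= 0 ? buf : "(rejected)");
    return 0;
}
```

Escaping of this kind only limits what reaches the query text; where the database API supports bound parameters, they remove the need to build the query from user-supplied strings at all.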

Primoz Bratanic reported this vulnerability.

Impact:   A remote user may be able to execute SQL commands on the underlying database.

A remote user may be able to execute arbitrary code on the target system [however, code execution was not confirmed].

Solution:   The vendor has released a fixed version (1.0.3), available at:

ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.3.tar.gz

The vendor's advisory is available at:

http://www.freeradius.org/security.html

Vendor URL:  www.freeradius.org/
Cause:   Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 23 2005 (Red Hat Issues Fix) FreeBSD 'rlm_sql.c' Contains SQL Injection and Buffer Overflow Bugs
Red Hat has released a fix.


