FreeBSD Local Security Checks : FreeBSD Ports: freeradius

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56915

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: freeradius

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: freeradius

CVE-2005-4744
Off-by-one error in the sql_error function in sql_unixodbc.c in
FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4,
might allow remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code by causing the external database query
to fail. NOTE: this single issue is part of a larger-scale
disclosure, originally by SUSE, which reported multiple issues that
were disputed by FreeRADIUS. Disputed issues included file descriptor
leaks, memory disclosure, LDAP injection, and other issues. Without
additional information, the most recent FreeRADIUS report is being
regarded as the authoritative source for this CVE identifier.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-4744
14775
http://www.securityfocus.com/bid/14775
16712
http://secunia.com/advisories/16712
19497
http://secunia.com/advisories/19497
19518
http://secunia.com/advisories/19518
19811
http://secunia.com/advisories/19811
20060404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
20461
http://secunia.com/advisories/20461
DSA-1089
http://www.debian.org/security/2006/dsa-1089
MDKSA-2006:066
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066
RHSA-2006:0271
http://rhn.redhat.com/errata/RHSA-2006-0271.html
freeradius-token-sqlunixodbc-dos(22211)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22211
http://www.freeradius.org/security/20050909-response-to-suse.txt
http://www.freeradius.org/security/20050909-vendor-sec.txt
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676
oval:org.mitre.oval:def:10449
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56915
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: freeradius
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: freeradius CVE-2005-4744 Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4744 14775 http://www.securityfocus.com/bid/14775 16712 http://secunia.com/advisories/16712 19497 http://secunia.com/advisories/19497 19518 http://secunia.com/advisories/19518 19811 http://secunia.com/advisories/19811 20060404-01-U ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc 20461 http://secunia.com/advisories/20461 DSA-1089 http://www.debian.org/security/2006/dsa-1089 MDKSA-2006:066 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066 RHSA-2006:0271 http://rhn.redhat.com/errata/RHSA-2006-0271.html freeradius-token-sqlunixodbc-dos(22211) https://exchange.xforce.ibmcloud.com/vulnerabilities/22211 http://www.freeradius.org/security/20050909-response-to-suse.txt http://www.freeradius.org/security/20050909-vendor-sec.txt https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676 oval:org.mitre.oval:def:10449 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449
Copyright	Copyright (C) 2008 E-Soft Inc.