Test ID:	1.3.6.1.4.1.25623.1.0.58209
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2007:092 (freeradius)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to freeradius announced via advisory MDKSA-2007:092. Multiple buffer overflows were found in the FreeRADIUS package version 1.0.4 and prior that could allow a remote attacker to cause a crash via the rlm_sqlcounter module (CVE-2005-4746). As well, an SQL injection vulnerability was also found in the rlm_sqlcounter that could allow a remote attacker to execute arbitrary SQL commands via unknown attack vectors (CVE-2005-4745). Updated packages have been patched to correct this issue. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:092 Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4746 17293 http://www.securityfocus.com/bid/17293 19324 http://www.osvdb.org/19324 19325 http://www.osvdb.org/19325 DSA-1145 http://www.debian.org/security/2006/dsa-1145 MDKSA-2006:066 http://www.mandriva.com/security/advisories?name=MDKSA-2006:066 MDKSA-2007:092 http://www.mandriva.com/security/advisories?name=MDKSA-2007:092 http://www.freeradius.org/security.html Common Vulnerability Exposure (CVE) ID: CVE-2005-4745 17294 http://www.securityfocus.com/bid/17294 19323 http://www.osvdb.org/19323
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.