CVE-2006-4181

Summary

CVE	CVE-2006-4181
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-11-28 02:07:00 UTC
Updated	2017-07-20 01:32:00 UTC
Description	Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Radius	1.2	All	All	All
Application	Gnu	Radius	1.3	All	All	All
Application	Gnu	Radius	1.2	All	All	All
Application	Gnu	Radius	1.3	All	All	All

References

Reference	Source	Link	Tags
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
GNU Radius: Format string vulnerability — Gentoo Linux Documentation	GENTOO	security.gentoo.org
GNU Radius "sqllog()" Format String Vulnerability - Advisories - Secunia	SECUNIA	secunia.com	Patch, Vendor Advisory
Webmail - OVH	VUPEN	www.vupen.com
GNU Radius SQLLog Remote Format String Vulnerability	BID	www.securityfocus.com	Patch
GNU RADIUS 'sqllog' Format String Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker	SECTRACK	securitytracker.com	Patch
20061126 GNU Radius Format String Vulnerability	IDEFENSE	labs.idefense.com	Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2006-12-04	Joshua Bressers	Not Vulnerable. Red Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4.

There are currently no legacy QID mappings associated with this CVE.