FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow Vulnerabilities

Bugtraq ID:	17293
Class:	Boundary Condition Error
CVE:	CVE-2005-4746
Remote:	Yes
Local:	No
Published:	Sep 09 2005 12:00AM
Updated:	Apr 26 2007 09:10PM
Credit:	Primoz Bratanic is credited with the discovery of these vulnerabilities.
Vulnerable:	MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 FreeRADIUS FreeRADIUS 1.0.4 FreeRADIUS FreeRADIUS 1.0.3 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1
Not Vulnerable:	FreeRADIUS FreeRADIUS 1.1.1 FreeRADIUS FreeRADIUS 1.1 FreeRADIUS FreeRADIUS 1.0.5

FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow Vulnerabilities

FreeRADIUS is prone to multiple buffer-overflow vulnerabilities. These issues are due to a failure in the application to do proper bounds checking on user-supplied data.

Reportedly, these issues may result in a denial-of-service condition only. Attackers cannot exploit these issues to gain unauthorized remote access.

FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow Vulnerabilities

Solution:
The vendor released an update to address these issues.

Please see the referenced advisories for more information.


FreeRADIUS FreeRADIUS 1.0.3

• FreeRADIUS freeradius-1.1.1.tar.gz
  ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.1.tar.gz

FreeRADIUS FreeRADIUS 1.0.4

• FreeRADIUS freeradius-1.1.1.tar.gz
  ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.1.tar.gz


• Mandriva freeradius-1.0.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva freeradius-1.0.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64freeradius1-1.0.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64freeradius1-devel-1.0.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64freeradius1-krb5-1.0.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64freeradius1-ldap-1.0.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64freeradius1-mysql-1.0.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64freeradius1-postgresql-1.0.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64freeradius1-unixODBC-1.0.4-2.4.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva libfreeradius1-1.0.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libfreeradius1-devel-1.0.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libfreeradius1-krb5-1.0.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libfreeradius1-ldap-1.0.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libfreeradius1-mysql-1.0.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libfreeradius1-postgresql-1.0.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libfreeradius1-unixODBC-1.0.4-2.4.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download

FreeRADIUS Multiple RLM_SQLCounter Buffer Overflow Vulnerabilities

References:

• FreeRADIUS Homepage (FreeRADIUS)
  
• FreeRADIUS Security Information (FreeRADIUS)