Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2005-4744

Published: 31/12/2005 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Freeradius

Vulnerability Summary

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

Vulnerable Product Search on Vulmon Subscribe to Product

freeradius freeradius 1.0.4

freeradius freeradius 1.0.3

Vendor Advisories

Debian Security Advisories: DSA-1089-1 freeradius -- several vulnerabilities
Several problems have been discovered in freeradius, a high-performance and highly configurable RADIUS server The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-4744 SuSE researchers have discovered several off-by-one errors may allow remote attackers to cause a denial of service and possibly ...

References

NVD-CWE-Otherhttp://www.freeradius.org/security/20050909-response-to-suse.txthttp://www.freeradius.org/security/20050909-vendor-sec.txthttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676http://www.securityfocus.com/bid/14775http://secunia.com/advisories/16712http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066http://rhn.redhat.com/errata/RHSA-2006-0271.htmlhttp://secunia.com/advisories/19497http://secunia.com/advisories/19518ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.aschttp://secunia.com/advisories/19811http://www.debian.org/security/2006/dsa-1089http://secunia.com/advisories/20461https://exchange.xforce.ibmcloud.com/vulnerabilities/22211https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449https://nvd.nist.govhttps://www.debian.org/security/./dsa-1089
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook