Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2006-03-28T11:00:00
Updated: 2024-08-07T23:53:29.082Z
Reserved: 2006-03-28T00:00:00
Link: CVE-2005-4744
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-12-31T05:00:00.000
Modified: 2024-11-21T00:05:04.687
Link: CVE-2005-4744
Redhat