
FreeRADIUS: buffer overflow and SQL injection

Package(s): freeradius
CVE #(s): CAN-2005-1454 CAN-2005-1455
Created: May 17, 2005
Updated: June 23, 2005
Description: Primoz Bratanic discovered that the sql_escape_func function of FreeRADIUS 1.0.2 and earlier may be vulnerable to a buffer overflow. He also discovered that FreeRADIUS fails to sanitize user input before using it in a SQL query, possibly allowing SQL command injection.
Alerts:
Red Hat RHSA-2005:524-01 freeradius 2005-06-23
Gentoo 200505-13:02 freeradius 2005-05-17
Gentoo 200505-13 freeradius 2005-05-17


FreeRADIUS: buffer overflow and SQL injection

Posted May 26, 2005 7:52 UTC (Thu) by mjc@redhat.com (guest, #2303) [Link]

CAN-2005-1454 for the overflow.
CAN-2005-1455 for the SQL injection issues.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds