paul Posted April 23, 2007 Report Share Posted April 23, 2007 Multiple buffer overflows were found in the FreeRADIUS package version 1.0.4 and prior that could allow a remote attacker to cause a crash via the rlm_sqlcounter module (CVE-2005-4746). As well, an SQL injection vulnerability was also found in the rlm_sqlcounter that could allow a remote attacker to execute arbitrary SQL commands via unknown attack vectors (CVE-2005-4745). Updated packages have been patched to correct this issue. Link to comment Share on other sites More sharing options...
Recommended Posts