FreeRADIUS token.c and sql_unixodbc.c denial of service

freeradius-token-sqlunixodbc-dos (22211) The risk level is classified as LowLow Risk

Description:

FreeRADIUS is vulnerable to a denial of service caused by an off-by-one error in token.c and sql_unixodbc.c. A local attacker could exploit this vulnerability to cause a denial of service.

Platforms Affected:

  • Debian, Debian Linux 3.1
  • FreeRADIUS, FreeRADIUS 1.0.4
  • MandrakeSoft, Mandrake Linux 2006 X86_64
  • MandrakeSoft, Mandrake Linux 2006
  • RedHat, Enterprise Linux 3 AS
  • RedHat, Enterprise Linux 3 ES
  • RedHat, Enterprise Linux 4 AS
  • RedHat, Enterprise Linux 4 ES

Remedy:

Upgrade to the latest CVS version of FreeRADIUS, available from the FreeRADIUS Web site. See References.

For Red Hat Linux:
Refer to RHSA-2006:0271-12 for patch, upgrade, or suggested workaround information. See References.

For Debian GNU/Linux:
Refer to DSA-1089-1 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Denial of Service

References:

  • FreeRADIUS Web site, FreeRADIUS -- building the perfect RADIUS server at http://www.freeradius.org/.
  • ASA-2006-100: freeradius security update (RHSA-2006-0271)
  • BID-14775: FreeRADIUS Multiple Remote Vulnerabilities
  • CVE-2005-4744: Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
  • DSA-1089: freeradius -- several vulnerabilities
  • MDKSA-2006:066: Updated FreeRADIUS packages fix off-by-one overflow vulnerabilty
  • RHSA-2006-0271: freeradius security update
  • SA16712: FreeRADIUS Multiple Vulnerabilities

Reported:

Sep 08, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page