CVE-2005-1455 - Vulnerability Details - OpenCVE

Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freeradius	Freeradius
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
freeradius-0:1.0.1-1.1.RHEL3	cpe:/o:redhat:enterprise_linux:3	RHSA-2005:524	2005-06-23T00:00:00Z
Red Hat Enterprise Linux 4
freeradius-0:1.0.1-3.RHEL4	cpe:/o:redhat:enterprise_linux:4	RHSA-2005:524	2005-06-23T00:00:00Z

References

Link	Providers
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html
http://www.freeradius.org/security.html
http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml
http://www.novell.com/linux/security/advisories/2005_14_sr.html
http://www.redhat.com/support/errata/RHSA-2005-524.html
http://www.securityfocus.com/bid/13541
http://www.securitytracker.com/alerts/2005/May/1013909.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/20450
https://nvd.nist.gov/vuln/detail/CVE-2005-1455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579
https://www.cve.org/CVERecord?id=CVE-2005-1455

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2005-05-19T04:00:00

Updated: 2024-08-07T21:51:50.027Z

Reserved: 2005-05-05T00:00:00

Link: CVE-2005-1455

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-05-19T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-1455

Redhat

Severity : Moderate

Publid Date: 2005-05-04T00:00:00Z

Links: CVE-2005-1455 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-05-06T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "SUSE-SR:2005:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"}, {"name": "oval:org.mitre.oval:def:9579", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579"}, {"name": "1013909", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/alerts/2005/May/1013909.html"}, {"name": "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.freeradius.org/security.html"}, {"name": "GLSA-200505-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml"}, {"name": "RHSA-2005:524", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-524.html"}, {"name": "13541", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13541"}, {"name": "freeradius-sqlescapefunc-bo(20450)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T21:51:50.027Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SR:2005:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"}, {"name": "oval:org.mitre.oval:def:9579", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579"}, {"name": "1013909", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/alerts/2005/May/1013909.html"}, {"name": "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.freeradius.org/security.html"}, {"name": "GLSA-200505-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml"}, {"name": "RHSA-2005:524", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2005-524.html"}, {"name": "13541", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13541"}, {"name": "freeradius-sqlescapefunc-bo(20450)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-1455", "datePublished": "2005-05-19T04:00:00", "dateReserved": "2005-05-05T00:00:00", "dateUpdated": "2024-08-07T21:51:50.027Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E95ADE53-BFBE-4B06-A1BF-EF576D567554", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash)."}], "id": "CVE-2005-1455", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-19T04:00:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html"}, {"source": "secalert@redhat.com", "url": "http://www.freeradius.org/security.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2005-524.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/13541"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/alerts/2005/May/1013909.html"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.freeradius.org/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-524.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/13541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/alerts/2005/May/1013909.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}