---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: FreeRADIUS Potential SQL Injection and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA15361 VERIFY ADVISORY: http://secunia.com/advisories/15361/ CRITICAL: Less critical IMPACT: Unknown, Manipulation of data WHERE: >From remote SOFTWARE: FreeRADIUS 1.x http://secunia.com/product/3921/ DESCRIPTION: Primoz Bratanic has reported some vulnerabilities in FreeRADIUS, where one has an unknown impact and the others potentially can be exploited by malicious users to conduct SQL injection attacks. 1) A boundary error in the "sql_escape_func()" function in rlm_sql.c can potentially be exploited to cause a buffer overflow via specially crafted input that needs escaping. It has been speculated that successful exploitation may allow execution of arbitrary code, but this has not been proven. 2) Missing sanitation when calling the "radius_xlat()" function in rlm_sql.c can potentially be exploited by authenticated users to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: The SQL injection vulnerabilities have been fixed in the CVS repository. The buffer overflow vulnerability has not currently been fixed. PROVIDED AND/OR DISCOVERED BY: Primoz Bratanic ORIGINAL ADVISORY: Gentoo: http://security.gentoo.org/glsa/glsa-200505-13.xml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------