Bug 189826
Summary: | CVE-2005-1454,1455,4744, CVE-2006-1354 FreeRADIUS issues | | |
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | Marc Deslauriers <marc.deslauriers> |
Component: | freeradius | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED WONTFIX | CC: | deisenst, pekkas |
Severity: | high | Priority: | medium |
Version: | unspecified | Doc Type: | Bug Fix |
Hardware: | All | OS: | Linux |
Whiteboard: | impact=important, LEGACY, 1, 2, 3, needsbuild | | |
Last Closed: | 2007-08-30 20:07:26 UTC | | |
Description
Marc Deslauriers
2006-04-24 21:58:30 UTC
A bug was also found in the way FreeRADIUS logs SQL errors from the sql_unixodbc module. It may be possible for an attacker to cause FreeRADIUS to crash or execute arbitrary code if they are able to manipulate the SQL database FreeRADIUS is connecting to. (CVE-2005-4744)

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676

A buffer overflow bug was found in the way FreeRADIUS escapes data in an SQL query. An attacker may be able to crash FreeRADIUS if they cause FreeRADIUS to escape a string containing three or less characters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1454 to this issue.

Additionally a bug was found in the way FreeRADIUS escapes SQL data. It is possible that an authenticated user could execute arbitrary SQL queries by sending a specially crafted request to FreeRADIUS. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1455 to this issue.

https://rhn.redhat.com/errata/RHSA-2005-524.html

Here are updated packages to QA.

964960430c91dd9552addad269e9cb4a9c80b598 1/freeradius-1.0.1-0.FC1.6.legacy.src.rpm
e2b7f001fb5a07ff3e844ba1c61f826e4ae39cf6 2/freeradius-1.0.1-0.FC2.1.legacy.src.rpm
bd895561a3f5f1ec2d37bc35b491a07c6fd2ba6b 3/freeradius-1.0.1-2.FC3.2.legacy.src.rpm

Downloads:
http://www.infostrategique.com/linuxrpms/legacy/1/freeradius-1.0.1-0.FC1.6.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/freeradius-1.0.1-0.FC2.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/freeradius-1.0.1-2.FC3.2.legacy.src.rpm

QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- patches verified to be identical to RHEL3

+PUBLISH FC1, FC2, FC3

964960430c91dd9552addad269e9cb4a9c80b598 freeradius-1.0.1-0.FC1.6.legacy.src.rpm
e2b7f001fb5a07ff3e844ba1c61f826e4ae39cf6 freeradius-1.0.1-0.FC2.1.legacy.src.rpm
bd895561a3f5f1ec2d37bc35b491a07c6fd2ba6b freeradius-1.0.1-2.FC3.2.legacy.src.rpm

I'm having trouble building this in mock. Can someone have a look at:
http://turbosphere.fedoralegacy.org/logs/fedora-3-core/112-freeradius-1.0.1-2.FC3.2.legacy/x86_64/build.log

It looks like libtool for the x86_64 build is having trouble locating libpthread. I sure don't know why though...

So it appears that libtool is creating .a libraries instead of .so libraries when it cannot dynamically link in libpthread.

Hope this helps, Marc.

*ping* Are we still stuck on this one, Marc?

Fedora Legacy project has ended. These will not be fixed by Fedora Legacy.