CVE-2006-4181

Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443	Patch Vendor Advisory
http://secunia.com/advisories/23087	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200612-17.xml
http://securitytracker.com/id?1017285	Patch
http://www.securityfocus.com/bid/21303	Patch
http://www.vupen.com/english/advisories/2006/4712
https://exchange.xforce.ibmcloud.com/vulnerabilities/30508

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:radius:1.2:::::::*
	cpe:2.3:a:gnu:radius:1.3:::::::*

History

No history.

Information

Published : 2006-11-28 02:07

Updated : 2024-02-28 11:01

NVD link : CVE-2006-4181

Mitre link : CVE-2006-4181

CVE.ORG link : CVE-2006-4181

JSON object : View

Products Affected

gnu

radius

CWE

NVD-CWE-Other

{"id": "CVE-2006-4181", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-28T02:07:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23087", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200612-17.xml", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017285", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21303", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4712", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30508", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en la funci\u00f3n sqllog en el c\u00f3digo de tarificaci\u00f3n SQL para radiusd en GNU Radius 1.2 y 1.3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-07-20T01:32:53.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:radius:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78B79F54-2CD6-49CB-A97D-8EF9B8838C33"}, {"criteria": "cpe:2.3:a:gnu:radius:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7663874D-D122-4F6D-8DA4-CF1691388700"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not Vulnerable. Red Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4.", "lastModified": "2006-12-04T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nGNU, Radius, 1.4"}