Vulnerability CVE-2006-4181
Published: 2006-11-27   Modified: 2012-02-12

Description:
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
GNU -> Radius 

 References:
http://www.securityfocus.com/bid/21303
http://securitytracker.com/id?1017285
http://secunia.com/advisories/23087
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443
http://www.vupen.com/english/advisories/2006/4712
http://xforce.iss.net/xforce/xfdb/30508
http://security.gentoo.org/glsa/glsa-200612-17.xml
Copyright 2024, cxsecurity.com

 

Back to Top