CVE-2005-4746

Name of the Vulnerable Software and Affected Versions FreeRADIUS versions 1.0.3 through 1.0.4

Description The issue involves multiple buffer overflows that allow remote attackers to cause a denial of service (crash) via the rlm sqlcounter module or unknown vectors while expanding %t. The vulnerability can be exploited remotely, potentially leading to a disruption in the availability of protected information.

Recommendations For FreeRADIUS versions 1.0.3 and 1.0.4, consider disabling the rlm sqlcounter module as a temporary workaround until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the %t expansion in the affected configurations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.