Vulnerability Details : CVE-2006-4181
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
Vulnerability category: Execute code
Products affected by CVE-2006-4181
- cpe:2.3:a:gnu:radius:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:radius:1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4181
- 31.33%: Probability of exploitation activity in the next 30 days
- ~ 97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-4181
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
Vendor statements for CVE-2006-4181
- Red Hat, 2006-12-04: Not Vulnerable. Red Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4.
References for CVE-2006-4181
- http://securitytracker.com/id?1017285 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30508
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443 (Patch; Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-200612-17.xml
- http://www.vupen.com/english/advisories/2006/4712
- http://www.securityfocus.com/bid/21303 (Patch)