Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d95e5eba by Bastien Roucariès at 2024-08-08T09:13:13+00:00
CVE-2007-0080/freeradius

This unimportant bug that needs root to trigger a buffer overflow was fixed
by removing the obsolete module in 3.0.0 version

Mark exact fixed version (stretch one) for ELTS and archival purpose

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -717220,8 +717220,10 @@ CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 
and earlier does not proper
 CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and 
possib ...)
        NOT-FOR-US: Sunbelt Kerio Personal Firewall
 CVE-2007-0080 (Buffer overflow in the SMB_Connect_Server function in 
FreeRadius 1.1.3 ...)
-       - freeradius <unfixed> (unimportant)
-       NOTE: Data triggering the buffer overflow can only be controlled by root
+       - freeradius 3.0.12+dfsg-3 (unimportant)
+       NOTE: original affected code 
https://github.com/FreeRADIUS/freeradius-server/blob/release_1_1_3/src/modules/rlm_smb/smblib.c#L104
+       NOTE: rlm_smb module was remove in 3.0.0 see 
https://www.freeradius.org/modules/?mod=rlm_smb
+       NOTE: Data triggering the buffer overflow can only be controlled by 
root so unimportant
 CVE-2007-0079 (rblog stores sensitive information under the web root with 
insufficien ...)
        NOT-FOR-US: rblog
 CVE-2007-0078 (BattleBlog stores sensitive information under the web root with 
insuff ...)
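
Review bot: The added line "- freeradius 3.0.12+dfsg-3 (unimportant)" gives no reason for that version, while the NOTE two lines below says rlm_smb was removed in 3.0.0, so someone reading data/CVE/list without the commit message cannot tell that 3.0.12+dfsg-3 is the stretch version being recorded. Suggest an extra NOTE stating that 3.0.12+dfsg-3 is the stretch version and is marked as the fixed version because the module is absent from 3.0.0 onward. In the same hunk, "rlm_smb module was remove in 3.0.0" should read "was removed".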



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d95e5eba850c938222ebe35643f3a8b0f2b8837f
