ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

http://rhn.redhat.com/errata/RHSA-2006-0271.html

http://secunia.com/advisories/16712

http://secunia.com/advisories/19497

http://secunia.com/advisories/19518

http://secunia.com/advisories/19811

http://secunia.com/advisories/20461

http://www.debian.org/security/2006/dsa-1089

http://www.freeradius.org/security/20050909-response-to-suse.txt

http://www.freeradius.org/security/20050909-vendor-sec.txt

http://www.securityfocus.com/bid/14775

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676

https://exchange.xforce.ibmcloud.com/vulnerabilities/22211

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail.  NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS.  Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues.  Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail.  NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS.  Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues.  Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449 [No Types Assigned]

http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10449 [No Types Assigned]

https://exchange.xforce.ibmcloud.com/vulnerabilities/22211 [No Types Assigned]

http://xforce.iss.net/xforce/xfdb/22211 [Patch]