Bug 106994 - net-dialup/freeradius version bump to 1.0.5 (security fixes)
Summary: net-dialup/freeradius version bump to 1.0.5 (security fixes)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.freeradius.org/
Whiteboard: C3 [noglsa] jaervosz
Reported: 2005-09-23 06:40 UTC by Wolfram Schlich (RETIRED)
Modified: 2005-09-29 07:45 UTC
Description Wolfram Schlich (RETIRED) gentoo-dev 2005-09-23 06:40:07 UTC
For security fix description see http://www.freeradius.org/security.html
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-23 07:52:15 UTC
net-dialup please advise and bump as necessary.

2005.09.09 v1.0.3, v1.0.4 - Multiple issues exist with version 1.0.4, and all
prior versions of the server. Externally exploitable vulnerabilities exist
only for sites that use the rlm_sqlcounter module. Those sites may be
vulnerable to SQL injection attacks, similar to the issues noted below. All
sites that have not deployed the rlm_sqlcounter module are not vulnerable to
external exploits. However, we still recommend that all sites upgrade to
version 1.0.5.

The issues are:
 SQL Injection attack in the rlm_sqlcounter module.
 Buffer overflow in the rlm_sqlcounter module, that may cause a server crash.
 Buffer overflow while expanding %t, that may cause a server crash.

These issues were found by Primoz Bratanic. As the rlm_sqlcounter module is
marked "experimental" in the server source, it is not enabled or configured in
most sites. As a result, we believe that the number of vulnerable sites is
low.

Additional issues, not externally exploitable, were found by Suse. A full
response to their report is available here. A related post to the vendor-sec
mailing list is found here.
Comment 2 Alin Năstac (RETIRED) gentoo-dev 2005-09-24 11:01:16 UTC
version bumped and marked stable on x86
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-09-25 01:37:27 UTC
Thanks Alin, ready for GLSA vote
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-09-25 10:40:42 UTC
Only configurations using the frxp local use flag (to enable experimental
modules) are likely to be affected remotely. I tend to vote NO...
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-09-26 04:01:48 UTC
I tend to vote NO too. 
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-09-29 07:45:19 UTC
Closing, reopen if you disagree.