PAM-MySQL contains a double-free vulnerability

Overview

PAM-MySQL contains a double-free vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Description

PAM-MySQL provides a Pluggable Authentication Module (PAM) interface to a MySQL database. PAM-MySQL does not securely handle a pointer returned by the pam_get_item() routine, which results in a double-free vulnerability. The vulnerability exists if the following conditions are present:

1. Two or more PAM modules are stacked.
2. The PAM-MySQL module is not the first in the stack.
3. Any of the modules preceding the PAM-MySQL module are not marked as requisite.

---

Impact

If a remote attacker supplies a specially crafted password to a vulnerable PAM-MySQL installation, that attacker may be able to crash the PAM-MySQL process. Note that it may be possible to exploit this vulnerability to execute arbitrary code.

---

Solution

Upgrade PAM-MySQLUpgrading to PAM-MySQL version 0.6.2 or PAM-MySQL version 0.7pre3 will correct this issue.

---

Vendor Information

693909

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Ricoh Corporation Not Affected

Updated: May 17, 2006

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://jvn.jp/cert/JVNVU%23693909/index.html&gt;
• <http://pam-mysql.sourceforge.net/News/00005.php&gt;
• <http://sourceforge.net/forum/forum.php?forum_id=499394&gt;

Acknowledgements

This vulnerability was reported by Moriyoshi Koizumi.

This document was written by Jeff Gennari.

Other Information

CVE IDs:	CVE-2006-0056
Severity Metric:	3.94 Date Public: