GLSA-200608-10

pike: SQL injection vulnerability

Published: 2006-08-06
Source: Gentoo Foundation (security.gentoo.org)

CVSS2

Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS

Score: 0.01
Percentile: 83.5%

Background

Pike is a general purpose programming language, able to be used for multiple tasks.

Description

Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database.

Impact

A remote attacker could provide malicious input to a pike program, which might result in the execution of arbitrary SQL statements.

Workaround

There is no known workaround at this time.

Resolution

All pike users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/pike-7.6.86"

OS      Version  Architecture  Package        Version   Filename
Gentoo  any      all           dev-lang/pike  < 7.6.86  UNKNOWN
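
To confirm whether a host still carries an affected build, the installed version can be compared against the fixed version 7.6.86 given above. The following is an added example, not part of the original advisory; the function names `ver_lt` and `check_pike` are hypothetical, and it assumes the standard Portage installed-package database at /var/db/pkg.

```shell
#!/bin/sh
# Added example: flag installed dev-lang/pike versions below the fixed release.
FIXED="7.6.86"   # fixed version from the advisory

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                 # leading components
        [ "$a" = "$x" ] && a="" || a=${a#*.}   # drop them from the remainder
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}                   # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                   # equal versions are not lower
}

# check_pike [VDB]: list installed pike versions found in the Portage
# package database (assumed default: /var/db/pkg).
# Returns 1 if any installed version is below FIXED, 0 otherwise.
check_pike() {
    vdb=${1:-/var/db/pkg}
    rc=0
    for d in "$vdb"/dev-lang/pike-[0-9]*; do
        [ -d "$d" ] || continue                # nothing installed: glob unmatched
        v=${d##*/pike-}
        base=${v%-r[0-9]*}                     # drop Gentoo revision suffix (-r1)
        base=${base%%_*}                       # drop _p / _rc style suffixes
        if ver_lt "$base" "$FIXED"; then
            echo "VULNERABLE dev-lang/pike-$v (< $FIXED)"
            rc=1
        else
            echo "ok dev-lang/pike-$v"
        fi
    done
    return $rc
}

# Usage: check_pike || echo "upgrade dev-lang/pike as described above"
```

Because pike may be installed in more than one slot, the function reports every installed version rather than stopping at the first.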
