Debian Security Advisory DSA 469-1 (pam-pgsql)

Debian Security Advisory DSA 469-1 (pam-pgsql) - Bug in libpam-pgsq

Reporter	Title	Published	Views	Family All 11
CVE	CAN-2004-0366	23 Feb 202419:18	–	cve
CVE	CVE-2004-0366	6 Apr 200404:00	–	cve
Cvelist	CVE-2004-0366	6 Apr 200404:00	–	cvelist
Debian	[SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection	29 Mar 200413:44	–	debian
Debian	[SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection	29 Mar 200413:44	–	debian
Debian CVE	CVE-2004-0366	6 Apr 200404:00	–	debiancve
Tenable Nessus	Debian DSA-469-1 : pam-pgsql - missing input sanitising	29 Sep 200400:00	–	nessus
NVD	CVE-2004-0366	4 May 200404:00	–	nvd
OpenVAS	Debian: Security Advisory (DSA-469)	17 Jan 200800:00	–	openvas
OSV	DSA-469 pam-pgsql - missing input sanitising	29 Mar 200400:00	–	osv

# OpenVAS Vulnerability Test
# $Id: deb_469_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 469-1
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "Primoz Bratanic discovered a bug in libpam-psgl, a PAM module to
authenticate using a PostgreSQL database.  The library does not escape
all user-supplied data that are sent to the database.  An attacker
could exploit this bug to insert SQL statements.

For the stable distribution (woody) this problem has been fixed in
version 0.5.2-3woody2.

For the unstable distribution (sid) this problem has been fixed in
version 0.5.2-7.1.

We recommend that you upgrade your libpam-pgsql package.";
tag_summary = "The remote host is missing an update to pam-pgsql
announced via advisory DSA 469-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20469-1";

if(description)
{
 script_id(53166);
 script_version("$Revision: 6616 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)");
 script_bugtraq_id(10266);
 script_cve_id("CVE-2004-0366");
 script_tag(name:"cvss_base", value:"7.5");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_name("Debian Security Advisory DSA 469-1 (pam-pgsql)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"libpam-pgsql", ver:"0.5.2-3woody2", rls:"DEB3.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

07 Jul 2017 00:00Current

0.3Low risk

Vulners AI Score0.3

EPSS0.00563