5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
71.8%
Two SQL injection vulnerabilities have been found in courier-authlib,
the courier authentification library. The MySQL database interface used
insufficient escaping mechanisms when constructing SQL statements,
leading to SQL injection vulnerabilities if certain charsets are used
(CVE-2008-2380). A similar issue affects the PostgreSQL database
interface (CVE-2008-2667).
For the stable distribution (etch), these problems have been fixed in
version 0.58-4+etch2.
For the testing distribution (lenny) and the unstable distribution
(sid), these problems have been fixed in version 0.61.0-1+lenny1.
We recommend that you upgrade your courier-authlib packages.
CPE | Name | Operator | Version |
---|---|---|---|
courier-authlib | eq | 0.58-4 |