PAM-MySQL SQL Logging Facility Segfault DoS

2005-09-20T10:51:00
ID OSVDB:22994
Type osvdb
Reporter OSVDB
Modified 2005-09-20T10:51:00

Description

Vulnerability Description

PAM-MySAQL contains a flaw that may allow a remote denial of service. The issue is triggered when by an unspecified flaw resulting in a segmentation fault in the SQL logging facility occurs, and will result in loss of availability for the service.

Solution Description

Upgrade to version 0.6.2, 0.7pre3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PAM-MySAQL contains a flaw that may allow a remote denial of service. The issue is triggered when by an unspecified flaw resulting in a segmentation fault in the SQL logging facility occurs, and will result in loss of availability for the service.

References:

Vendor Specific News/Changelog Entry: http://sourceforge.net/forum/forum.php?forum_id=499394 Vendor Specific Advisory URL Security Tracker: 1015603 Secunia Advisory ID:20690 Secunia Advisory ID:18598 Related OSVDB ID: 22995 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml Other Advisory URL: http://jvn.jp/cert/JVNVU%23693909/index.html CVE-2006-0056 CVE-2005-4713 CERT VU: 693909