PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation

2005-09-28T10:51:00
ID OSVDB:22995
Type osvdb
Reporter OSVDB
Modified 2005-09-28T10:51:00

Description

Vulnerability Description

PAM-MySQL contains a flaw that may allow a malicious user to cause a double-free in the pam_get_item function. The issue is triggered when a malicious user sends crafted authentication credentials. It is possible that the flaw may cause the PAM-MySQL process to crash or allow arbitrary code execution resulting in a loss of integrity or availability.

Solution Description

Upgrade to version 0.6.2 or 0.7pre3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PAM-MySQL contains a flaw that may allow a malicious user to cause a double-free in the pam_get_item function. The issue is triggered when a malicious user sends crafted authentication credentials. It is possible that the flaw may cause the PAM-MySQL process to crash or allow arbitrary code execution resulting in a loss of integrity or availability.

References:

Vendor Specific News/Changelog Entry: http://sourceforge.net/forum/forum.php?forum_id=499394 Vendor Specific Advisory URL Security Tracker: 1015603 Secunia Advisory ID:20690 Secunia Advisory ID:18598 Related OSVDB ID: 22994 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml Other Advisory URL: http://jvn.jp/cert/JVNVU%23693909/index.html CVE-2006-0056 CERT VU: 693909