PEAR::Auth DB / LDAP Container SQL Injection

2006-02-14T04:17:37
ID OSVDB:23428
Type osvdb
Reporter OSVDB
Modified 2006-02-14T04:17:37

Description

Solution Description

Upgrade to version 1.2.4, 1.3.0r4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://pear.php.net/package/Auth Vendor Specific News/Changelog Entry: http://pear.php.net/package/Auth/download/1.2.4 Vendor Specific Advisory URL Security Tracker: 1015666 Secunia Advisory ID:19301 Secunia Advisory ID:19008 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0407.html ISS X-Force ID: 24854 FrSIRT Advisory: ADV-2006-0696 CVE-2006-0868 Bugtraq ID: 16758