libpam-pgsql SQL Injection

2004-03-30T04:52:32
ID OSVDB:4672
Type osvdb
Reporter Primoz Bratanic (primoz@slo-tech.com)
Modified 2004-03-30T04:52:32

Description

Vulnerability Description

Pam-PGSQL versions before 0.5.2-7.1 contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the module not properly sanitizing user-supplied input, which may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Upgrade to version 0.5.2-7.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Secunia Advisory ID: 11237
Other Advisory URL: http://www.debian.org/security/2004/dsa-469
CVE-2004-0366