23 matches found
EUVD-2013-0227
Malware in sbrugna...
CVE-2013-0191
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
CVE-2013-0191
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
UBUNTU-CVE-2013-0191
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
Authentication flaw
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
CVE-2013-0191
The CVE-2013-0191 entry concerns libpam-pgsql (pam_pgsql) 0.7, where a NULL value returned by the password search query is not handled properly, allowing remote attackers to bypass authentication with a crafted password. This is documented in the NVD entry for CVE-2013-0191. The connected records...
CVE-2013-0191
Removed by vendor...
CVE-2013-0191
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
CVE-2008-2516
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at ...
Design/Logic Flaw
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at ...
CVE-2008-2516
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at ...
CVE-2008-2516
CVE-2008-2516 affects libpam-pgsql 0.6.3: pam_sm_authenticate in pam_pgsql.c does not correctly handle operator precedence when evaluating pam_get_pass, enabling local privilege escalation via a SIGINT (CTRL-C) at a sudo password prompt under an auth sufficient pam_pgsql.so configuration. Exploit...
CVE-2008-2516
pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at ...
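libpam-pgsql pam_pgsql.c authentication bypass vulnerability
BUGTRAQ ID: 29360 libpam-pgsql is a PAM module that authenticates users against a PostgreSQL database. The pam_sm_authenticate function in libpam-pgsql's pam_pgsql.c contains a security vulnerability: if SIGINT is sent during authentication, for example by pressing Ctrl+C when sudo asks for the user's password, sudo succeeds without the correct password being entered. libpam-pgsql 0.6.3 libpam-pgsql ------------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...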
Debian DSA-469-1 : pam-pgsql - missing input sanitising
Primoz Bratanic discovered a bug in libpam-pgsql, a PAM module to authenticate using a PostgreSQL database. The library does not escape all user-supplied data that are sent to the database. An attacker could exploit this bug to insert SQL statements.
CVE-2004-0366
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements...
CVE-2004-0366
Removed by vendor...
CVE-2004-0366
CVE-2004-0366 affects libpam-pgsql (pam-pgsql) with a SQL injection vulnerability present in versions prior to 0.5.2. The underlying issue is missing input sanitising that allows an attacker to insert arbitrary SQL statements when data is sent to PostgreSQL. Debian and OpenVAS entries document th...
CVE-2004-0366
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements...
PT-2004-1520 · Unknown · Libpam-Pgsql
Name of the Vulnerable Software and Affected Versions: libpam-pgsql versions prior to 0.5.2 Description: The issue allows attackers to execute arbitrary SQL statements due to a SQL injection vulnerability in the libpam-pgsql library. Recommendations: For versions prior to 0.5.2, update to version...