229 matches found
CVE-2008-2516
pamsmauthenticate in pampgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pamgetpass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at ...
Design/Logic Flaw
pamsmauthenticate in pampgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pamgetpass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at ...
CVE-2008-2516
CVE-2008-2516 affects libpam-pgsql 0.6.3: pam_sm_authenticate in pam_pgsql.c does not correctly handle operator precedence when evaluating pam_get_pass, enabling local privilege escalation via a SIGINT (CTRL-C) at a sudo password prompt under an auth sufficient pam_pgsql.so configuration. Exploit...
CVE-2008-2516
pamsmauthenticate in pampgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pamgetpass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at ...
libpam-pgsql pam_pgsql.c文件绕过认证漏洞
BUGTRAQ ID: 29360 libpam-pgsql是使用PostgreSQL数据库认证用户的PAM模块。 libpam-pgsql的pampgsql.c文件中的pamsmauthenticate函数存在安全漏洞,如果在认证过程中发送了SIGINT,例如在sudo要求输入用户口令时按下Ctrl+C,则无需输入正确口令sudo也可以成功。 libpam-pgsql 0.6.3 libpam-pgsql ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
The remote host is missing an update to libapache2-mod-auth-pgsql announced via advisory DSA 935-1. iDEFENSE reports that a format string vulnerability in modauthpgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the...
Debian: Security Advisory (DSA-935-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 370-1 (pam-pgsql)
The remote host is missing an update to pam-pgsql announced via advisory DSA 370-1. OpenVAS Vulnerability Test $Id: deb3701.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 370-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian: Security Advisory (DSA-726-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-469)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-771-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 683-1 (postgresql)
The remote host is missing an update to postgresql announced via advisory DSA 683-1. OpenVAS Vulnerability Test $Id: deb6831.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 683-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 1087-1 (postgresql)
The remote host is missing an update to postgresql announced via advisory DSA 1087-1. Several encoding problems have been discovered in PostgreSQL, a popular SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-2313 Akio Ishida and Yasuo Ohgak...
Debian Security Advisory DSA 726-1 (oops)
The remote host is missing an update to oops announced via advisory DSA 726-1. OpenVAS Vulnerability Test $Id: deb7261.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 726-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian: Security Advisory (DSA-370)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine resconfigpgsql in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors...
rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl
rPath Security Advisory: 2007-0242-1 Published: 2007-11-19 Products: rPath Appliance Platform Linux Service 1 rPath Linux 1 Rating: Minor Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: php5=conary.rpath.com@rpl:1/5.2.5-1-1...
Fedora 8 : koffice-1.6.3-13.fc8 (2007-3093)
This update includes fixes to pdf import filters that can cause crashes possibly execute arbitrary code. See http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenabl...
Fedora 7 : php-pear-DB-1.7.11-1.fc7 (2007-0249)
1.7.11 : fbsql : - Fixed commit and rollback to specify the handle to be used. 1.7.10 : mysqli : - Added a type map for BIT fields. 1.7.9 : sybase : - Added divide by zero error mapping. - Added a specific quoteFloat implementation along the same lines as fbsql. - Updated tableInfo to cope with o...
Mandrake Linux Security Advisory : postgresql (MDKSA-2007:188)
PostgreSQL 8.1 and probably later and earlier versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from...