Bug acknowledged. This should be fixed by the pending 2.0.3 upload.
Primoz Bratanic wrote:
Package: dbmail-pgsql Version: 1.2.11 Severity: grave Tags: security Justification: user security hole
In pgsql/dbauthpgsql.c escaping is not consistent. Sometimes username and other user supplied values are escaped and sometimes like in:
auth_check_user(...) auth_check_user_ext(...) auth_adduser(...) auth_delete_user(...)
they are not. This most likely opens ways sql injection.
I don't have proof of concept yet, so if this doesn't look exploitable to you at first glance, please close it and I'll resubmit it when I finish PoC.
Best regards,
Primoz
-- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
-- ________________________________________________________________ Paul Stevens [EMAIL PROTECTED] NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31 The Netherlands_______________________________________www.nfg.nl
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]