Martin Schulze wrote: > Package : pam-pgsql > Vulnerability : missing input sanitising > Problem-Type : remote > Debian-specific: no > CVE ID : CAN-2004-0366 > > Primoz Bratanic discovered a bug in libpam-psgl, a PAM module to > authenticate using a PostgreSQL database. The library does not escape > all user-supplied data that are sent to the database. An attacker > could exploit this bug to insert SQL statements.
How does this differ from <http://cert.uni-stuttgart.de/advisories/postgresql_pam_nss.php>? -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
