Package: dbmail-pgsql
Version: 1.2.11
Severity: grave
Tags: security
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In pgsql/dbauthpgsql.c escaping is not consistent. Sometimes username and
other user supplied values are escaped and sometimes like in:
auth_check_user(...)
auth_check_user_ext(...)
auth_adduser(...)
auth_delete_user(...)
they are not. This most likely opens ways sql injection.
I don't have proof of concept yet, so if this doesn't look exploitable to
you at first glance, please close it and I'll resubmit it when I finish PoC.
Best regards,
Primoz
- -- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB6xk+HOuqnSwJthERAjDgAKCUymqECSMx0/c2p9P+zO7Bdn2zWQCeMLZF
IWWvdB8kL1HOs/Hc0JNCUW0=
=GoHo
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
