Thank you.
Primoz Bratanic
On Fri, 2006-03-03 at 13:00 +0100, [EMAIL PROTECTED] wrote:
Package: pam-pgsql
Severity: normal
Tags: patch
pam-pgsql doesn't free memory allocated in mhash_end function. It is not
clearly stated in libmhash documentation, but pointer returned by
mhash_end
Thank you for your report. I'm waiting for my sponsor to get back from
vacation. Then I'll be able to upload version compatible with new
directory structure of postgresql libraries in Debian.
Regards,
Primoz Bratanic
On Sun, 2005-08-14 at 14:22 +0200, Andreas Jochens wrote:
Package: pam-pgsql
of use_first_pass use use_authtok.
Primoz Bratanic
Package: mailutils
Followup-For: Bug #308031
Woody is affected too. Just check MySql/MySql.c (just that there is no
escaping ... )
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1,
characters ' and (strchr ('\, *p)), but not \ .
Which results in problems like ... username = foo\' something being
escaped to username = foo \\' something which makes \ character literal
but allows escape and subsequent injection.
Solution: add \ to list of characters to be escaped.
Primoz
regarding sql injection problem with changing password (easy
impact would be changing uid to 0 ... root compromise).
Primoz Bratanic
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Package: xtradius
Severity: grave
Tags: security
Justification: user security hole
There is no user input verification whatsoever. In
/contrib/authmysql/authmysql.c username supplied by user is fed directly
to database.
Primoz Bratanic
Package: pam-mysql
Severity: wishlist
Tags: security
If you went to the trouble of overwriting the encrypted password in memory with
zeros (pam_mysql.c lines 535-537), why not overwrite plaintext passwords as
well?
Primoz Bratanic
Package: pam
Severity: wishlist
Tags: security
It may be prudent to see the practice from package shadow of zeroing passwords
in any form immediately after no longer needing them copied to PAM. pam_unix
would be a nice place to start.
Primoz Bratanic
...), this may
result in SQL injection. This is also hard to exploit as user has to be
authenticated already before any of these sql statements can get executed.
Primoz Bratanic
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental
Package: dbmail-pgsql
Version: 1.2.11
Severity: grave
Tags: security
Justification: user security hole
In pgsql/dbauthpgsql.c escaping is not consistent. Sometimes username and
other user supplied values are escaped and sometimes like in: