Thank you for your report. I'm waiting for my sponsor to get back from
vacation. Then I'll be able to upload version compatible with new
directory structure of postgresql libraries in Debian.
Regards,
Primoz Bratanic
On Sun, 2005-08-14 at 14:22 +0200, Andreas Jochens wrote:
Package: pam-pgsql
characters ' and (strchr ('\, *p)), but not \ .
Which results in problems like ... username = foo\' something being
escaped to username = foo \\' something which makes \ character literal
but allows escape and subsequent injection.
Solution: add \ to list of characters to be escaped.
Primoz
regarding sql injection problem with changing password (easy
impact would be changing uid to 0 ... root compromise).
Primoz Bratanic
- -- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Package: xtradius
Severity: grave
Tags: security
Justification: user security hole
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There is no user input verification whatsoever. In
/contrib/authmysql/authmysql.c username
supplied by user is fed directly to database.
Primoz Bratanic
4 matches
Mail list logo