Ludovic Lange

**Name of the Vulnerable Software and Affected Versions** PAM-MySQL versions 0.6.x through 0.6.1 PAM-MySQL versions 0.7.x through 0.7pre2 **Description** The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault. This is likely related to the `pam mysql sql log` function, possibly when used in conjunction with vsftpd, due to the absence of the IP address argument in an `sprintf` call. **Recommendations** For PAM-MySQL versions 0.6.x through 0.6.1, update to version 0.6.2 or later. For PAM-MySQL versions 0.7.x through 0.7pre2, update to version 0.7pre3 or later.