PT-2006-1144 · Pam-Mysql · Pam-Mysql

Moriyoshi Koizumi · Published 2006-02-13 · Updated 2011-03-08 · CVE-2006-0056

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PAM-MySQL versions 0.6.x through 0.6.1; PAM-MySQL versions 0.7.x through 0.7pre2
Description: A double free vulnerability exists in the authentication and authentication token alteration code, allowing remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords. This issue occurs when there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.
Recommendations: For PAM-MySQL versions 0.6.x through 0.6.1, update to version 0.6.2 or later. For PAM-MySQL versions 0.7.x through 0.7pre2, update to version 0.7pre3 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2006-0056

Affected Products

Pam-Mysql