Pam-Mysql · Pam-Mysql · CVE-2006-0056
Name of the Vulnerable Software and Affected Versions:
PAM-MySQL versions 0.6.x through 0.6.1
PAM-MySQL versions 0.7.x through 0.7pre2
Description:
A double free vulnerability exists in the authentication and authentication token alteration code, allowing remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords. This issue occurs when there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.
Recommendations:
For PAM-MySQL versions 0.6.x through 0.6.1, update to version 0.6.2 or later.
For PAM-MySQL versions 0.7.x through 0.7pre2, update to version 0.7pre3 or later.