PT-2006-1144 · Pam-Mysql · Pam-Mysql
Moriyoshi Koizumi · Published 2006-02-13 · Updated 2011-03-08 · CVE-2006-0056
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
PAM-MySQL versions 0.6.x through 0.6.1
PAM-MySQL versions 0.7.x through 0.7pre2
Description:
A double free vulnerability exists in the authentication and authentication token alteration code, allowing remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords. This issue occurs when there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.
Recommendations:
For PAM-MySQL versions 0.6.x through 0.6.1, update to version 0.6.2 or later.
For PAM-MySQL versions 0.7.x through 0.7pre2, update to version 0.7pre3 or later.
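The configuration conditions named in the description (several modules in the stack, PAM-MySQL not evaluated first, no requisite module ahead of it) can be audited in a PAM service file. The following is an added example, not part of the original advisory or the PAM-MySQL project; the sample file is constructed, the function names are hypothetical, and `@include` lines are not followed. It reports stack layout only, so the installed module version still has to be compared against the fixed releases.

```python
import os
import re

# Constructed sample PAM service file (not from the advisory).
SAMPLE = """\
auth      required    pam_env.so
auth      sufficient  pam_unix.so   # local accounts first
auth      required    pam_mysql.so
password  requisite   pam_cracklib.so
password  required    pam_mysql.so
"""

# "authentication" and "authentication token alteration" map to these PAM types.
AFFECTED_TYPES = ("auth", "password")
RULE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_rules(text):
    """Return (type, control, module) tuples; comments and @include lines are skipped."""
    rules = []
    for raw in text.replace("\\\n", " ").splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            rtype, control, module = m.groups()
            rules.append((rtype.lstrip("-").lower(), control.lower(),
                          os.path.basename(module)))
    return rules

def exposed_stacks(text):
    """List the PAM types whose stack meets the conditions in the description."""
    rules = parse_rules(text)
    hits = []
    for rtype in AFFECTED_TYPES:
        stack = [(c, m) for t, c, m in rules if t == rtype]
        pos = next((i for i, (_, m) in enumerate(stack)
                    if m.startswith("pam_mysql")), None)
        if not pos:            # module absent (None) or evaluated first (0)
            continue
        # Assumption: only the literal "requisite" keyword counts, not an
        # equivalent [value=action] control expression.
        if any(c == "requisite" for c, _ in stack[:pos]):
            continue
        hits.append(rtype)
    return hits

if __name__ == "__main__":
    print(exposed_stacks(SAMPLE))
```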
Fix
Buffer Overflow
Affected Products
Pam-Mysql