0.5.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

leon-j-breedt

NVD

Published: 2001-09-10

Updated: 2008-09-10

Summary

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.

Vulnerable Configurations

Part	Description	Count
Application	Leon_J_Breedt Leon J Breedt PAM Pgsql 0.5.1 Leon J Breedt PAM Pgsql 0.5.2	2

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc
http://www.iss.net/security_center/static/7110.php
http://www.securityfocus.com/bid/3319