CVE-2005-4713 - Denial Of Service vulnerability in PAM-MySQL
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 9 |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200606-18.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200606-18 (PAM-MySQL: Multiple vulnerabilities) A flaw in handling the result of pam_get_item() as well as further unspecified flaws were discovered in PAM-MySQL. Impact : By exploiting the mentioned flaws an attacker can cause a Denial of Service and thus prevent users that authenticate against PAM-MySQL from logging into a machine. There is also a possible additional attack vector with more malicious impact that has not been confirmed yet. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21711 |
published | 2006-06-16 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21711 |
title | GLSA-200606-18 : PAM-MySQL: Multiple vulnerabilities |
References
- http://secunia.com/advisories/18598
- http://secunia.com/advisories/20690
- http://sourceforge.net/forum/forum.php?forum_id=499394
- http://sourceforge.net/tracker/index.php?func=detail&aid=1256243&group_id=5741&atid=305741
- http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
- http://www.securityfocus.com/bid/16564
- http://www.vupen.com/english/advisories/2006/0490