Vulnerabilities > CVE-2006-0868 - Unspecified vulnerability in Pear XML RPC

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

pear

nessus

NVD

Published: 2006-02-23

Updated: 2024-11-21

Summary

Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."

Vulnerable Configurations

Part	Description	Count
Application	Pear Pear XML RPC 1.2.0 Pear XML RPC 1.0.2 Pear XML RPC 1.2.1 Pear XML RPC 1.0.4 Pear XML RPC 1.2.0Rc7 Pear XML RPC 1.3.0Rc1 Pear XML RPC 1.3.0Rc2 Pear XML RPC 1.1.0 Pear XML RPC 1.2.0Rc2 Pear XML RPC 1.2.2 Pear XML RPC 1.2.0Rc3 Pear XML RPC 1.3.0Rc3 Pear XML RPC 1.2.0Rc4 Pear XML RPC 1.2.0Rc1 Pear XML RPC 1.2.0Rc6 Pear XML RPC 1.2.0Rc5 Pear XML RPC 1.0.3	17

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200603-13.NASL
description	The remote host is affected by the vulnerability described in GLSA-200603-13 (PEAR-Auth: Potential authentication bypass) Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and LDAP containers. Impact : A remote attacker could possibly exploit this vulnerability to bypass the authentication mechanism by injecting specially crafted input to the underlying storage containers. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	21094
published	2006-03-18
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21094
title	GLSA-200603-13 : PEAR-Auth: Potential authentication bypass

Summary

Vulnerable Configurations

Nessus

References