Vulnerabilities > CVE-2006-4041 - SQL Injection vulnerability in Pike
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. This vulnerability is addressed in the following product release: Pike, Pike, 7.6.86
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200608-10.NASL description The remote host is affected by the vulnerability described in GLSA-200608-10 (pike: SQL injection vulnerability) Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database. Impact : A remote attacker could provide malicious input to a pike program, which might result in the execution of arbitrary SQL statements. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22168 published 2006-08-07 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22168 title GLSA-200608-10 : pike: SQL injection vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200608-10. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(22168); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-4041"); script_xref(name:"GLSA", value:"200608-10"); script_name(english:"GLSA-200608-10 : pike: SQL injection vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200608-10 (pike: SQL injection vulnerability) Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database. Impact : A remote attacker could provide malicious input to a pike program, which might result in the execution of arbitrary SQL statements. Workaround : There is no known workaround at this time." ); # http://secunia.com/advisories/20494/ script_set_attribute( attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/advisories/20494/" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200608-10" ); script_set_attribute( attribute:"solution", value: "All pike users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/pike-7.6.86'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pike"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/pike", unaffected:make_list("ge 7.6.86"), vulnerable:make_list("lt 7.6.86"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pike"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-367-1.NASL description A SQL injection was discovered in Pike last seen 2020-06-01 modified 2020-06-02 plugin id 27947 published 2007-11-10 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27947 title Ubuntu 5.04 : pike7.6 vulnerability (USN-367-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-367-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(27947); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2006-4041"); script_xref(name:"USN", value:"367-1"); script_name(english:"Ubuntu 5.04 : pike7.6 vulnerability (USN-367-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "A SQL injection was discovered in Pike's PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service. Please refer to http://www.ubuntu.com/usn/usn-288-1 for more detailled information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-bzip2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-gdbm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-gl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-gtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-manual"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-meta"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-pcre"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-pg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-reference"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-sane"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-sdl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pike7.6-svg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"patch_publication_date", value:"2006/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-bzip2", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-core", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-dev", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-doc", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-gdbm", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-gl", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-gtk", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-image", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-manual", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-meta", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-mysql", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-odbc", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-pcre", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-perl", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-pg", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-reference", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-sane", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-sdl", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pike7.6-svg", pkgver:"7.6.13-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pike7.6 / pike7.6-bzip2 / pike7.6-core / pike7.6-dev / pike7.6-doc / etc"); }
References
- http://pike.ida.liu.se/download/notes/7.6.86.xml
- http://secunia.com/advisories/20494
- http://secunia.com/advisories/21362
- http://secunia.com/advisories/22481
- http://security.gentoo.org/glsa/glsa-200608-10.xml
- http://www.securityfocus.com/bid/19367
- http://www.ubuntu.com/usn/usn-367-1
- http://www.vupen.com/english/advisories/2006/2209
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26992