Nessus Plugin #15207

Plugin Index

Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.

[DSA370] DSA-370-1 pam-pgsql

Family:
Debian Local Security Checks
Category:
infos
Copyright:
This script is (C) 2004 Michel Arboi
Summary:
DSA-370-1 pam-pgsql
Version:
$Revision: 1.4 $
Cve_id:
CAN-2003-0672
Bugtraq_id:
8379
Xrefs:
DSA:370
Description:

Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the
username to be used for authentication is used as a format string when
writing a log message. This vulnerability may allow an attacker to
execute arbitrary code with the privileges of the program requesting
PAM authentication.
For the stable distribution (woody) this problem has been fixed in
version 0.5.2-3woody1.
For the unstable distribution (sid) this problem has been fixed in
version 0.5.2-7.
We recommend that you update your pam-pgsql package.


Solution : http://www.debian.org/security/2003/dsa-370
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.