Nessus Plugin #15207
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[DSA370] DSA-370-1 pam-pgsql
- Family:
- Debian Local Security Checks
- Category:
- infos
- Copyright:
- This script is (C) 2004 Michel Arboi
- Summary:
- DSA-370-1 pam-pgsql
- Version:
- $Revision: 1.4 $
- Cve_id:
- CAN-2003-0672
- Bugtraq_id:
- 8379
- Xrefs:
- DSA:370
- Description:
Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the
username to be used for authentication is used as a format string when
writing a log message. This vulnerability may allow an attacker to
execute arbitrary code with the privileges of the program requesting
PAM authentication.
For the stable distribution (woody) this problem has been fixed in
version 0.5.2-3woody1.
For the unstable distribution (sid) this problem has been fixed in
version 0.5.2-7.
We recommend that you update your pam-pgsql package.
Solution : http://www.debian.org/security/2003/dsa-370
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.