Re: [SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection
Martin Schulze wrote:
> Package : pam-pgsql
> Vulnerability : missing input sanitising
> Problem-Type : remote
> Debian-specific: no
> CVE ID : CAN-2004-0366
>
> Primoz Bratanic discovered a bug in libpam-pgsql, a PAM module to
> authenticate using a PostgreSQL database. The library does not escape
> all user-supplied data that are sent to the database. An attacker
> could exploit this bug to insert SQL statements.
How does this differ from
<http://cert.uni-stuttgart.de/advisories/postgresql_pam_nss.php>?
--
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: postino.it, tiscali.co.uk, tiscali.cz, tiscali.it,
voila.fr.