
Re: [SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection

Martin Schulze wrote:

> Package        : pam-pgsql
> Vulnerability  : missing input sanitising
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2004-0366
> Primoz Bratanic discovered a bug in libpam-pgsql, a PAM module to
> authenticate using a PostgreSQL database.  The library does not escape
> all user-supplied data that are sent to the database.  An attacker
> could exploit this bug to insert SQL statements.

How does this differ from


Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: postino.it, tiscali.co.uk, tiscali.cz, tiscali.it,
