Info

Disclosure

Sep 20, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

PAM-MySAQL contains a flaw that may allow a remote denial of service. The issue is triggered when by an unspecified flaw resulting in a segmentation fault in the SQL logging facility occurs, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 0.6.2, 0.7pre3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

PAM-MySQL Developers	PAM-MySQL	0.6.1
		0.7pre2

References

Security Tracker: 1015603
Secunia Advisory ID: 18598 20690
CVE ID: 2005-4713 (see also: NVD) 2006-0056 (see also: NVD)
Related OSVDB ID: 22995
CERT VU: 693909
Other Advisory URL: http://jvn.jp/cert/JVNVU%23693909/index.html
http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
Vendor Specific Advisory URL: http://pam-mysql.sourceforge.net/News/00005.php
Vendor Specific News/Changelog Entry: http://sourceforge.net/forum/forum.php?forum_id=499394

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/22994

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

PAM-MySQL Developers

PAM-MySQL

References

Credit