OSVDB ID: 50811

Title: Courier Authentication Library authpgsqllib.c Unspecified SQL Injection

Info

Disclosure

Dec 17, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 17, 2008

Description

Courier Authentication Library contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to authpgsqllib.c not properly sanitizing user-supplied input to unspecified parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Products

Unknown or Incomplete

References

CVE ID: 2008-2380 (see also: NVD)
Bugtraq ID: 32926
Secunia Advisory ID: 33235 33259 33462 34234
ISS X-Force ID: 47494
Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html
http://www.courier-mta.org/authlib/changelog.html
Other Advisory URL: http://www.debian.org/security/2008/dsa-1688
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200903-25.xml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/50811