1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA30391

libpam-pgsql Authentication Bypass Security Issue

Report ID: SA30391
Source: Secunia
Date of Discovery: 26.05.2008
Criticality: Low
Affects:
libpam-pgsql 0.x
Compromise From: From remote
Compromise Type: Security bypass

Summary

A security issue has been reported in libpam-pgsql, which can be exploited by malicious people to bypass certain security restrictions.

Detailed Description

A security issue has been reported in libpam-pgsql, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error in "pam_sm_authenticate()" in pam_pgsql.c and can be exploited to bypass authentication, e.g. by sending a SIGINT during the authentication process.

The vulnerability is reported in version 0.6.3. Prior versions may also be affected.

Solution

Update to version 0.6.4.