Select local site

F-Secure Vulnerability Information :
libpam-pgsql Authentication Bypass Security Issue

[Summary] | [Detailed Description] | [Solution] | [CVE Reference]

Report ID:SA30391
Source:Secunia
Date of Discovery:26.05.2008
Criticality:Low
Affects:

libpam-pgsql 0.x

Compromise From:From remote
Compromise Type:Security bypass
Summary

A security issue has been reported in libpam-pgsql, which can be exploited by malicious people to bypass certain security restrictions.

Back to the Top

Detailed Description

A security issue has been reported in libpam-pgsql, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error in "pam_sm_authenticate()" in pam_pgsql.c and can be exploited to bypass authentication, e.g. by sending a SIGINT during the authentication process.

The vulnerability is reported in version 0.6.3. Prior versions may also be affected.

Back to the Top

Solution

Update to version 0.6.4.

Back to the Top

CVE Reference
Back to the Top

F-Secure Corporation