Family: Debian Local Security Checks --> Category: infos
[DSA370] DSA-370-1 pam-pgsql Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the
username to be used for authentication is used as a format string when
writing a log message. This vulnerability may allow a possible hacker to
execute arbitrary code with the rights of the program requesting
For the stable distribution (woody) this problem has been fixed in
For the unstable distribution (sid) this problem has been fixed in
We recommend that you update your pam-pgsql package.
Solution : http://www.debian.org/security/2003/dsa-370
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.