|
Family: Debian Local Security Checks --> Category: infos
[DSA370] DSA-370-1 pam-pgsql Vulnerability Scan
Vulnerability Scan Summary DSA-370-1 pam-pgsql
Detailed Explanation for this Vulnerability Test
Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the
username to be used for authentication is used as a format string when
writing a log message. This vulnerability may allow a possible hacker to
execute arbitrary code with the rights of the program requesting
PAM authentication.
For the stable distribution (woody) this problem has been fixed in
version 0.5.2-3woody1.
For the unstable distribution (sid) this problem has been fixed in
version 0.5.2-7.
We recommend that you update your pam-pgsql package.
Solution : http://www.debian.org/security/2003/dsa-370
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|