|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-18] PAM-MySQL: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
PAM-MySQL: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-18
(PAM-MySQL: Multiple vulnerabilities)
A flaw in handling the result of pam_get_item() as well as further
unspecified flaws were discovered in PAM-MySQL.
Impact
By exploiting the mentioned flaws a possible hacker can cause a Denial of
Service and thus prevent users that authenticate against PAM-MySQL from
logging into a machine. There is also a possible additional attack
vector with more malicious impact that has not been confirmed yet.
Workaround
There is no known workaround at this time.
References:
http://pam-mysql.sourceforge.net/News/
Solution:
All PAM-MySQL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_mysql-0.7_rc1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
