|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200608-10] pike: SQL injection vulnerability Vulnerability Scan
Vulnerability Scan Summary pike: SQL injection vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200608-10
(pike: SQL injection vulnerability)
Some input is not properly sanitised before being used in a SQL
statement in the underlying PostgreSQL database.
Impact
A remote attacker could provide malicious input to a pike program,
which might result in the execution of arbitrary SQL statements.
Workaround
There is no known workaround at this time.
References:
http://secunia.com/advisories/20494/
Solution:
All pike users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/pike-7.6.86"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|