PublicDate: 2006-02-13
Candidate: CVE-2006-0056
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0056
Description:
Double free vulnerability in the authentication and authentication token
alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3
allows remote attackers to cause a denial of service (application crash)
and possibly execute arbitrary code via crafted passwords, which lead to a
double free of a pointer that was created by the pam_get_item function.
NOTE: this issue only occurs in certain configurations in which there are
multiple PAM modules, PAM-MySQL is not evaluated first, and there are no
requisite modules before PAM-MySQL.
Ubuntu-Description:
Notes:
Bugs:
dapper_pam-mysql: released (0.6.2-1)
edgy_pam-mysql: released (0.6.2-1)
feisty_pam-mysql: released (0.6.2-1)
devel_pam-mysql: released (0.6.2-1)
upstream_pam-mysql: