|
|
CVE Reference: CVE-2006-0056 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0056 |
|
|
Description: Double-free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double-free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL. |
|
|
CVE Status: Candidate |
|
|
References: ST 1015603 SAID Secunia Advisory: SA18598 Secunia Advisory: SA20690 OSVDB 22995 22994 MISC http://jvn.jp/cert/JVNVU%23693909/index.html GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml CONFIRM http://sourceforge.net/forum/forum.php?forum_id=499394 CERT-VN 693909 BID 16564 |
|
| Return to the previous page. |
