Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0957

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0957
Last Modified 10 Sep 2008 03:06:13
Published 19 Dec 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0957

Summary

The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.

Vulnerable Systems

Application

  • Pam Mysql 0.1

  • Pam Mysql 0.2

  • Pam Mysql 0.3

  • Pam Mysql 0.4


References

XF - pammysql-auth-input

BUGTRAQ - 20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql


Last Updated: 27 May 2016 10:35:56