Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2380

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2008-2380
Last Modified 20 Mar 2009 01:42:56
Published 22 Dec 2008 10:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-2380

Summary

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

Vulnerable Systems

Application

  • Courier-mta Courtier-authlib 0.52

  • Courier-mta Courtier-authlib 0.53

  • Courier-mta Courtier-authlib 0.54

  • Courier-mta Courtier-authlib 0.55

  • Courier-mta Courtier-authlib 0.56

  • Courier-mta Courtier-authlib 0.57

  • Courier-mta Courtier-authlib 0.58

  • Courier-mta Courtier-authlib 0.59

  • Courier-mta Courtier-authlib 0.59.1

  • Courier-mta Courtier-authlib 0.59.2

  • Courier-mta Courtier-authlib 0.59.3

  • Courier-mta Courtier-authlib 0.60

  • Courier-mta Courtier-authlib 0.60.1

  • Courier-mta Courtier-authlib 0.60.2

  • Courier-mta Courtier-authlib 0.60.3

  • Courier-mta Courtier-authlib 0.60.4

  • Courier-mta Courtier-authlib 0.60.5

  • Courier-mta Courtier-authlib 0.60.6

  • Courier-mta Courtier-authlib 0.61.0

  • Courier-mta Courtier-authlib 0.61.1


References

BID - 32926

XF - courier-library-postgres-sql-injection(47494)

CONFIRM - http://www.courier-mta.org/authlib/changelog.html

GENTOO - GLSA-200903-25

SECUNIA - 34234

SECUNIA - 33235

OSVDB - 50811


Last Updated: 27 May 2016 10:47:50