Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2008-2667
Last Modified 14 Apr 2009 12:00:00
Published 07 Jul 2008 07:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-2667

Summary

SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.

Vulnerable Systems

Operating System

  • openSUSE 10.3

  • openSUSE 11.0

Application

  • Courier-mta Courier-authlib 0.52

  • Courier-mta Courier-authlib 0.53

  • Courier-mta Courier-authlib 0.54

  • Courier-mta Courier-authlib 0.55

  • Courier-mta Courier-authlib 0.56

  • Courier-mta Courier-authlib 0.57

  • Courier-mta Courier-authlib 0.58

  • Courier-mta Courier-authlib 0.59

  • Courier-mta Courier-authlib 0.59.1

  • Courier-mta Courier-authlib 0.59.2

  • Courier-mta Courier-authlib 0.59.3

  • Courier-mta Courier-authlib 0.60

  • Courier-mta Courier-authlib 0.60.1

  • Courier-mta Courier-authlib 0.60.2

  • Courier-mta Courier-authlib 0.60.3

  • Courier-mta Courier-authlib 0.60.4

  • Courier-mta Courier-authlib 0.60.5


References

XF - opensuse-unspecified-sql-injection(43628)

MLIST - [courier-announce] 20080608 courier-authlib 0.60.6 released

MLIST - [courier-users] 20080314 Re: [courier-users] [Fwd: Re: authmysql vs apostrophe]

CONFIRM - http://www.courier-mta.org/authlib/changelog.html

GENTOO - GLSA-200809-05

SECUNIA - 30967

SECUNIA - 30591

SUSE - SUSE-SR:2008:014

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=225407


Last Updated: 27 May 2016 10:57:52