oss-sec mailing list archives
mod-auth-mysql: SQL injection
From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Wed, 21 Jan 2009 11:46:41 -0500
Hi The following issue can now be made public. Please note that this describes the software used in debian as mod-auth-mysql (binary name is libapache2-mod-auth-mysql). It is different from the SF project. Package : mod-auth-mysql Vulnerability : SQL injection vulnerability Problem type : remote Debian-specific: no CVE Id : CVE-2008-2384 Martin Joey Schulze discovered that mod-auth-mysq, an apache 2 module for mysql authentication, is prone to an SQL injection due to insufficient escaping mechanisms, when multybite character encodings are used. The link[0] points to the patch. Please credit Martin Joey Schulze for writing it. Cheers Steffen [0]: http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- mod-auth-mysql: SQL injection Steffen Joeris (Jan 21)
- Re: mod-auth-mysql: SQL injection Steven M. Christey (Jan 22)