Bug#: 94824
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Description:   Opened: 2005-06-02 07:15 0000
I don't think this was fixed in the last round. From Debian bug:

In /auth/sql.c there is a function sql_escape_string (...) which does
escaping of "bad" characters before feeding them to DB. The problem is that
function only escapes characters ' and " (strchr ("'\"", *p)), but not \ .
Which results in problems like ... username = foo\' something being
"escaped" to username = foo \\' something which makes \ character literal
but allows escape and subsequent injection.

Solution: add \ to list of characters to be escaped.

Primoz Bratanic
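
The escaping flaw described in the report, as an added example that is not part of the original bug report or the mailutils source. The names `escape_with`, `escape_weak`, `escape_fixed` and `breaks_out` are hypothetical, and `breaks_out` assumes a database lexer that treats backslash as an escape character inside a single-quoted literal.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not the mailutils source): backslash-escape every
   byte of `in` that appears in `specials`. Caller frees the result. */
static char *escape_with(const char *in, const char *specials)
{
    char *out = malloc(2 * strlen(in) + 1);   /* worst case: all escaped */
    char *q = out;
    if (!out)
        return NULL;
    for (const char *p = in; *p; p++) {
        if (strchr(specials, *p))
            *q++ = '\\';
        *q++ = *p;
    }
    *q = '\0';
    return out;
}

/* Character set described in the report: quotes only. */
static char *escape_weak(const char *in)  { return escape_with(in, "'\""); }
/* Character set after the proposed fix: backslash is escaped too. */
static char *escape_fixed(const char *in) { return escape_with(in, "'\"\\"); }

/* Read `s` as the body of a '...' literal under backslash-escape rules
   (assumption). Returns 1 if the literal would end before the value
   does, so the remainder would be parsed as SQL; 0 if it stays data. */
static int breaks_out(const char *s)
{
    for (; *s; s++) {
        if (*s == '\'')
            return 1;                 /* unescaped quote ends the literal */
        if (*s == '\\' && *++s == '\0')
            return 1;                 /* dangling escape at end of value */
    }
    return 0;
}

int main(void)
{
    const char *input = "foo\\' something";   /* constructed sample from the report */
    char *w = escape_weak(input), *f = escape_fixed(input);
    if (!w || !f) return 1;
    printf("weak : %s -> breaks out: %d\n", w, breaks_out(w));
    printf("fixed: %s -> breaks out: %d\n", f, breaks_out(f));
    free(w); free(f);
    return 0;
}
```

Escaping by hand depends on matching the database's own lexer exactly; parameterized queries or the driver's escaping routine avoid that dependency.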

------- Comment #1 From Fernando J. Pereda (RETIRED) 2005-06-02 14:08:48 0000 -------
Yep, files/mailutils-SQLinjection.patch fixes it.

Cheers,
Ferdy

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-06-02 22:18:30 0000 -------
Thx Ferdy, this seems to be ready for GLSA decision. I tend to vote NO. 

------- Comment #3 From Thierry Carrez (RETIRED) 2005-06-03 00:44:32 0000 -------
This is CAN-2005-1824.
I tend to vote YES. It probably allows to create mail accounts by SQL injection?

------- Comment #4 From solar 2005-06-04 05:04:17 0000 -------
yes vote

------- Comment #5 From SpanKY 2005-06-04 21:12:02 0000 -------
seems to only be an issue with mysql or postgres in USE ... so i think we should have a GLSA, just make sure to note that requirement

------- Comment #6 From Thierry Carrez (RETIRED) 2005-06-06 11:07:11 0000 -------
GLSA 200506-02
