407437 – (CVE-2012-0805) <dev-python/sqlalchemy-0.7.4 : "limit" and "offset" Keywords SQL Injection Vulnerabilities (CVE-2012-0805)

Bug 407437 (CVE-2012-0805) - <dev-python/sqlalchemy-0.7.4 : "limit" and "offset" Keywords SQL Injection Vulnerabilities (CVE-2012-0805)

Summary: <dev-python/sqlalchemy-0.7.4 : "limit" and "offset" Keywords SQL Injection Vu...

Status:	RESOLVED FIXED

Alias:	CVE-2012-0805

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://secunia.com/advisories/48328/
Whiteboard:	B3 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2012-03-08 16:04 UTC by Agostino Sarubbo
Modified:	2012-09-26 22:19 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2012-03-08 16:04:38 UTC

From secunia security advisory at $URL:

Description
Input passed via the "limit" and "offset" keywords to the "select()" function is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in versions prior to 0.7.0.

Solution
Update to version 0.7.0.

Comment 1 Agostino Sarubbo gentoo-dev

2012-03-08 16:05:16 UTC

@python

Please remove from the tre the vulnerable version(s)

Comment 2 Marien Zwart (RETIRED) gentoo-dev

2012-03-08 18:13:56 UTC

Vulnerable versions removed (and removed everything before latest stable while I was at it).

Comment 3 Agostino Sarubbo gentoo-dev

2012-03-08 19:22:58 UTC

(In reply to comment #2)
> Vulnerable versions removed (and removed everything before latest stable
> while I was at it).

Thanks.


@security, please vote.

Comment 4 Sean Amoss (RETIRED) gentoo-dev

2012-03-08 21:08:01 UTC

Thanks, everyone. GLSA vote: no.

Comment 5 Tim Sammut (RETIRED) gentoo-dev

2012-03-11 06:34:25 UTC

Thanks, folks. GLSA Vote: yes.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2012-06-15 19:01:14 UTC

CVE-2012-0805 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0805):
  Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used
  in Keystone, allow remote attackers to execute arbitrary SQL commands via
  the (1) limit or (2) offset keyword to the select function, or unspecified
  vectors to the (3) select.limit or (4) select.offset function.

Comment 7 Tobias Heinlein (RETIRED) gentoo-dev

2012-08-14 16:03:49 UTC

YES too, request filed.

Comment 8 GLSAMaker/CVETool Bot gentoo-dev

2012-09-26 22:19:35 UTC

This issue was resolved and addressed in
 GLSA 201209-16 at http://security.gentoo.org/glsa/glsa-201209-16.xml
by GLSA coordinator Sean Amoss (ackle).