Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: 200704-22 High: PEAR-DBX Code Execution Vulnerability

gentoo
Calendar Grey March 17, 2006
Dist Gentoo Esm H88
Gentoo Linux Security Notice 202305-07 points to a critical vulnerability in PEAR-Auth that may allow unauthorized access. Users should upgrade immediately.
PEAR-Auth did not correctly verify data passed to the DB and LDAP containers, thus allowing to inject false credentials to bypass the authentication

Summary

Gentoo Linux Security Advisory GLSA 200603-13 https://security.gentoo.org/ Severity: Normal Title: PEAR-Auth: Potential authentication bypass Date: March 17, 2006 Bugs: #123832 ID: 200603-13

Synopsis ======= PEAR-Auth did not correctly verify data passed to the DB and LDAP containers, thus allowing to inject false credentials to bypass the authentication.
Background ========= PEAR-Auth is a PEAR package that provides methods to create a PHP based authentication system.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-php/PEAR-Auth < 1.2.4 >= 1.2.4
========== Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security issue gentoo software update authentication bypass normal PEAR-Auth

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory security issue gentoo software update authentication bypass normal PEAR-Auth

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here