Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Gentoo: 200704-22 High: PEAR-DBX Code Execution Vulnerability

gentoo
Calendar Grey March 17, 2006
Dist Gentoo Esm H88
Gentoo Linux Security Notice 202305-07 points to a critical vulnerability in PEAR-Auth that may allow unauthorized access. Users should upgrade immediately.
PEAR-Auth did not correctly verify data passed to the DB and LDAP containers, thus allowing to inject false credentials to bypass the authentication

Summary

Gentoo Linux Security Advisory GLSA 200603-13 https://security.gentoo.org/ Severity: Normal Title: PEAR-Auth: Potential authentication bypass Date: March 17, 2006 Bugs: #123832 ID: 200603-13

Synopsis ======= PEAR-Auth did not correctly verify data passed to the DB and LDAP containers, thus allowing to inject false credentials to bypass the authentication.
Background ========= PEAR-Auth is a PEAR package that provides methods to create a PHP based authentication system.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-php/PEAR-Auth < 1.2.4 >= 1.2.4
========== Matt Van Gundy discovered that PEAR-Auth did not correctly validate data passed to the DB and ...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround