正文

Apache mod_auth_pgsql远程SQL查询操作漏洞

admin
admin V管理员 /0 评论 /8 阅读
1231
此篇文章发布距今已超过1230天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Apache mod_auth_pgsql远程SQL查询操作漏洞

  • CNNVD编号:CNNVD-200108-149
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2001-1379
  • 漏洞类型: SQL注入
  • 发布时间: 2001-08-29
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: guiseppe_tanzilli_and_matthias_eckermann
  • 漏洞来源: This vulnerability...

漏洞简介

PostgreSQL认证模式(1)mod_auth_pgsql 0.9.5,(2)mod_auth_pgsql_sys 0.9.4存在漏洞。远程攻击者可以借助用户名上的SQL注入攻击绕过认证并执行任意SQL。

漏洞公告

Version 0.9.6 was still found to be prone to remote SQL query manipulation, so the vendor has released 0.9.9 to address this. Conectiva has also released upgrades. Guiseppe Tanzilli and Matthias Eckermann mod_auth_pgsql 0.9.5

  • Conectiva 4.0 mod_auth_pgsql-0.8-4U40_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_auth_pgsql-0.8-4U40_3 cl.i386.rpm
  • Conectiva 4.0es mod_auth_pgsql-0.8-4U40_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_auth_pgsql-0.8-4U40 _3cl.i386.rpm
  • Conectiva 4.1 mod_auth_pgsql-0.8-4U41_3cl.i386.rpm tp://atualizacoes.conectiva.com.br/4.1/i386/mod_auth_pgsql-0.8-4U41_3c l.i386.rpm
  • Conectiva 4.2 mod_auth_pgsql-0.8-4U42_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_auth_pgsql-0.8-4U42_3 cl.i386.rpm
  • Conectiva 5.0 mod_auth_pgsql-0.8-4U50_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_auth_pgsql-0.8-4U50_3 cl.i386.rpm
  • Conectiva 5.1 mod_auth_pgsql-0.8-4U51_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_auth_pgsql-0.8-4U51_3 cl.i386.rpm
  • Conectiva 6.0 mod_auth_pgsql-0.8-4U60_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mod_auth_pgsql-0.8-4U60_3 cl.i386.rpm
  • Conectiva 7.0 mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mod_auth_pgsql-0.9.6-1U70 _2cl.i386.rpm
  • Conectiva ecommerce mod_auth_pgsql-0.8-4U50_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_aut h_pgsql-0.8-4U50_3cl.i386.rpm
  • Conectiva graficas mod_auth_pgsql-0.8-4U50_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_auth _pgsql-0.8-4U50_3cl.i386.rpm
  • FreeBSD ports-4 i386 mod_auth_pgsql-0.9.9.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod _auth_pgsql-0.9.9.tgz
  • FreeBSD ports-5 i386 mod_auth_pgsql-0.9.9.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mo d_auth_pgsql-0.9.9.tgz
  • Guiseppe Tanzilli mod_auth_pgsql 0.9.6 http://www.giuseppetanzilli.it/mod_auth_pgsql/dist/
  • Guiseppe Tanzilli mod_auth_pgsql 0.9.9 http://www.giuseppetanzilli.it/mod_auth_pgsql/dist/
Guiseppe Tanzilli and Matthias Eckermann mod_auth_pgsql 0.9.6
  • Conectiva 4.0 mod_auth_pgsql-0.8-4U40_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_auth_pgsql-0.8-4U40_3 cl.i386.rpm
  • Conectiva 4.0es mod_auth_pgsql-0.8-4U40_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_auth_pgsql-0.8-4U40 _3cl.i386.rpm
  • Conectiva 4.1 mod_auth_pgsql-0.8-4U41_3cl.i386.rpm tp://atualizacoes.conectiva.com.br/4.1/i386/mod_auth_pgsql-0.8-4U41_3c l.i386.rpm
  • Conectiva 4.2 mod_auth_pgsql-0.8-4U42_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_auth_pgsql-0.8-4U42_3 cl.i386.rpm
  • Conectiva 5.0 mod_auth_pgsql-0.8-4U50_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_auth_pgsql-0.8-4U50_3 cl.i386.rpm
  • Conectiva 5.1 mod_auth_pgsql-0.8-4U51_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_auth_pgsql-0.8-4U51_3 cl.i386.rpm
  • Conectiva 6.0 mod_auth_pgsql-0.8-4U60_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mod_auth_pgsql-0.8-4U60_3 cl.i386.rpm
  • Conectiva 7.0 mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mod_auth_pgsql-0.9.6-1U70 _2cl.i386.rpm
  • Conectiva ecommerce mod_auth_pgsql-0.8-4U50_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_aut h_pgsql-0.8-4U50_3cl.i386.rpm
  • Conectiva graficas mod_auth_pgsql-0.8-4U50_3cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_auth _pgsql-0.8-4U50_3cl.i386.rpm
  • Guiseppe Tanzilli mod_auth_pgsql 0.9.9 http://www.giuseppetanzilli.it/mod_auth_pgsql/dist/

参考网址

来源: XF 名称: apache-postgresql-authentication-module(7054) 链接:http://www.iss.net/security_center/static/7054.php 来源: BUGTRAQ 名称: 20010829 R来源:US-CERT Advisory 2001-08:01 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=99911895901812&w=2 来源: REDHAT 名称: RHSA-2001:124 链接:http://rhn.redhat.com/errata/RHSA-2001-124.html 来源: VULNWATCH 名称: 20010829 [VulnWatch] R来源:US-CERT Advisory 2001-08:01 链接:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0040.html 来源: FREEBSD 名称: FreeBSD-SA-02:03 链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc 来源: BID 名称: 3251 链接:http://www.securityfocus.com/bid/3251 来源: CONECTIVA 名称: CLA-2001:427 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000427

受影响实体

  • Guiseppe_tanzilli_and_matthias_eckermann Mod_auth_pgsql:0.9.6  
    <!--
    2000-1-1
    -->
  • Guiseppe_tanzilli_and_matthias_eckermann Mod_auth_pgsql:0.9.5  
    <!--
    2000-1-1
    -->

补丁

    暂无