Vulnerability Note VU#693909

PAM-MySQL contains a double-free vulnerability

Overview

PAM-MySQL contains a double-free vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

I. Description

PAM-MySQL provides a Pluggable Authentication Module (PAM) interface to a MySQL database. PAM-MySQL does not securely handle a pointer returned by the pam_get_item() routine, which results in a double-free vulnerability. The vulnerability exists if the following conditions are present:

Two or more PAM modules are stacked.
The PAM-MySQL module is not the first in the stack.
Any of the modules preceding the PAM-MySQL module are not marked as requisite.

II. Impact

If a remote attacker supplies a specially crafted password to a vulnerable PAM-MySQL installation, that attacker may be able to crash the PAM-MySQL process. Note that it may be possible to exploit this vulnerability to execute arbitrary code.

III. Solution

Upgrade PAM-MySQL

Upgrading to PAM-MySQL version 0.6.2 or PAM-MySQL version 0.7pre3 will correct this issue.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Ricoh Corporation	Not Vulnerable	17-May-2006

References

http://jvn.jp/cert/JVNVU%23693909/index.html
http://pam-mysql.sourceforge.net/News/00005.php
http://sourceforge.net/forum/forum.php?forum_id=499394

Credit

This vulnerability was reported by Moriyoshi Koizumi.

This document was written by Jeff Gennari.

Other Information

Date Public:	2005-09-28
Date First Published:	2006-02-08
Date Last Updated:	2006-05-17
CERT Advisory:
CVE-ID(s):	CVE-2006-0056
NVD-ID(s):	CVE-2006-0056
US-CERT Technical Alerts:
Metric:	3.94
Document Revision:	35

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader