Test Kennung:	1.3.6.1.4.1.25623.1.0.51584
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2001:427
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2001:427. mod_auth_mysql is an authentication module for apache which authenticates users against a PostgreSQL database. RUS-CERT discovered a vulnerability[1][3] in several Apache authentication modules which use SQL databases to retrieve user information. This vulnerability allows a remote attacker to change the query that the module sends to the SQL server and circumvent the authentication process. This vulnerability is *still* present in the 0.9.6 version in a slightly different fashion: Username: '' select ''bla Password: bla The author has been notified and released version 0.9.9 on Sep 25th to address this problem[2]. Additionally, this is also a bugfix update for this package, which wasn't linked against the PostgreSQL libraries in our previous releases. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:427 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002001 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.