CVE-2005-1824 - The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not pr

CVE-2005-1824

Summary

The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031
http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml

Vulnerable Configurations

cpe:2.3:a:gnu:mailutils:1.0.6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailutils:1.0.6.1.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 05-09-2008 - 20:50)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031
gentoo	GLSA-200506-02

Last major update

05-09-2008 - 20:50

Published

02-06-2005 - 04:00

Last modified

05-09-2008 - 20:50