ID CVE-2006-4041
Summary SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:pike:pike:0.4_pl8
    cpe:2.3:a:pike:pike:0.4_pl8
  • cpe:2.3:a:pike:pike:0.5
    cpe:2.3:a:pike:pike:0.5
  • cpe:2.3:a:pike:pike:0.6
    cpe:2.3:a:pike:pike:0.6
  • cpe:2.3:a:pike:pike:7.0
    cpe:2.3:a:pike:pike:7.0
  • cpe:2.3:a:pike:pike:7.2
    cpe:2.3:a:pike:pike:7.2
  • cpe:2.3:a:pike:pike:7.4
    cpe:2.3:a:pike:pike:7.4
  • cpe:2.3:a:pike:pike:7.4.327
    cpe:2.3:a:pike:pike:7.4.327
  • cpe:2.3:a:pike:pike:7.4.328
    cpe:2.3:a:pike:pike:7.4.328
  • cpe:2.3:a:pike:pike:7.6
    cpe:2.3:a:pike:pike:7.6
  • cpe:2.3:a:pike:pike:7.6.36
    cpe:2.3:a:pike:pike:7.6.36
  • cpe:2.3:a:pike:pike:7.6.66
    cpe:2.3:a:pike:pike:7.6.66
CVSS
Base: 7.5 (as of 10-08-2006 - 12:40)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-367-1.NASL
    description A SQL injection was discovered in Pike's PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service. Please refer to http://www.ubuntu.com/usn/usn-288-1 for more detailled information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 27947
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27947
    title Ubuntu 5.04 : pike7.6 vulnerability (USN-367-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200608-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-200608-10 (pike: SQL injection vulnerability) Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database. Impact : A remote attacker could provide malicious input to a pike program, which might result in the execution of arbitrary SQL statements. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 22168
    published 2006-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22168
    title GLSA-200608-10 : pike: SQL injection vulnerability
refmap via4
bid 19367
confirm http://pike.ida.liu.se/download/notes/7.6.86.xml
gentoo GLSA-200608-10
secunia
  • 20494
  • 21362
  • 22481
ubuntu USN-367-1
vupen ADV-2006-2209
xf pike-sql-injection(26992)
Last major update 07-03-2011 - 21:40
Published 09-08-2006 - 19:04
Last modified 19-07-2017 - 21:32
Back to Top