Amaya Rodrigo Sastre
2011-Jul-12 11:40 UTC
[Secure-testing-team] Bug#633637: Exploitable remotely: SQL injection
Package: libapache2-mod-authnz-external
Version: 3.2.4-2
Severity: critical
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi there,
According to
http://code.google.com/p/mod-auth-external/issues/detail?id=5 there''s a
possible remote sql injection bug. The fix is a two liner:
- --- trunk/mod_authnz_external/mysql/mysql-auth.pl
+++ trunk/mod_authnz_external/mysql/mysql-auth.pl
@@ -62,8 +62,10 @@
exit 1;
}
- -my $dbq = $dbh->prepare("select username as username, password as
password from users where username=\''$user\'';");
+my $dbq = $dbh->prepare("select username as username, password as
password from users where username=?;");
+$dbq->bind_param(1, $user);
$dbq->execute;
+
my $row = $dbq->fetchrow_hashref();
if ($row->{username} eq "") {
Thanks!
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, ''unstable''), (500,
''testing''), (100, ''experimental'')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libapache2-mod-authnz-external depends on:
ii apache2.2-common 2.2.19-1 Apache HTTP Server common files
pn libc6 <none> (no description available)
Versions of packages libapache2-mod-authnz-external recommends:
ii pwauth 2.3.8-1 authenticator for mod_authnz_exter
libapache2-mod-authnz-external suggests no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk4cMpUACgkQNFDtUT/MKpAAlwCgqrEBO0A+HUB4eLWSpOf5RUf7
kGkAoKTMd0zZUneJvsHnj7O+DfxXFbMZ
=w70I
-----END PGP SIGNATURE-----