CVE-2008-2380

Related Files

Gentoo Linux Security Advisory 200903-25

Posted Mar 12, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-25 - An SQL injection vulnerability has been discovered in the Courier Authentication Library. It has been reported that some parameters used in SQL queries are not properly sanitized before being processed when using a non-Latin locale Postgres database. Versions less than 0.62.2 are affected.

tags | advisory, sql injection

systems | linux, gentoo

advisories | CVE-2008-2380

SHA-256 | 4d0a513d35b3808568bc1d1acd29564ad2cb14beaca515b937b3401e5e3f0b3f

Download | Favorite | View

Debian Linux Security Advisory 1688-2

Posted Dec 30, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1688-2 - The update of courier-authlib in DSA 1688-1 caused a regression with setups that do not use mail addresses for authentification. This update fixes this regression.

tags | advisory

systems | linux, debian

advisories | CVE-2008-2380, CVE-2008-2667

SHA-256 | f1c674abc89edfd6995906bf6df08c575d2f8acbbe6f8d1eb03b079f71356346

Download | Favorite | View

Debian Linux Security Advisory 1688-1

Posted Dec 30, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1688 - Two SQL injection vulnerabilities have beein found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A similar issue affects the PostgreSQL database interface (CVE-2008-2667).

tags | advisory, vulnerability, sql injection

systems | linux, debian

advisories | CVE-2008-2380, CVE-2008-2667

SHA-256 | 9dc7b0b9ca92f9e1f59c4c6542e5d806f993baedd0e6072fa1262af0d44fbd0d

Download | Favorite | View