QwikSec

Security Database

CVE

CWE

Training

CVE-2006-0056

Published: Feb 13, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_OSVDB

http://jvn.jp/cert/JVNVU%23693909/index.html

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

http://sourceforge.net/forum/forum.php?forum_id=499394

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.