The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
References
Link | Resource |
---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031 | Patch Vendor Advisory |
http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-06-02T04:00:00
Updated: 2005-06-08T09:00:00
Reserved: 2005-06-02T00:00:00
Link: CVE-2005-1824
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-06-02T04:00:00.000
Modified: 2008-09-05T20:50:11.870
Link: CVE-2005-1824
JSON object: View
Redhat Information
No data.
CWE