Date: Wed, 21 Jan 2009 11:46:41 -0500
From: Steffen Joeris <>
Subject: mod-auth-mysql: SQL injection


The following issue can now be made public. Please note that this describes
the software used in Debian as mod-auth-mysql (binary name is
libapache2-mod-auth-mysql). It is different from the SF project.

Package        : mod-auth-mysql
Vulnerability  : SQL injection vulnerability
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2008-2384

Martin Joey Schulze discovered that mod-auth-mysql, an Apache 2 module
for MySQL authentication, is prone to an SQL injection due to
insufficient escaping mechanisms, when multibyte character encodings are

The link[0] points to the patch. Please credit Martin Joey Schulze for writing 



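The bug class the advisory names (escaping that ignores a multibyte connection encoding), as an added Python illustration; it is not code from mod-auth-mysql or from the Debian patch. The GBK charset, the helper names and the constructed input bytes are assumptions chosen for the demonstration.

```python
# Added illustration: byte-wise escaping versus charset-aware escaping.
# Not the module's code; GBK and the sample bytes are assumptions.
QUOTE, BACKSLASH = 0x27, 0x5C

def escape_bytewise(raw: bytes) -> bytes:
    """Charset-unaware escaping: put a backslash before each ' or \\ byte."""
    out = bytearray()
    for b in raw:
        if b in (QUOTE, BACKSLASH):
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)

def escape_charset_aware(raw: bytes, charset: str) -> bytes:
    """Decode in the connection charset first, then escape characters.

    Malformed sequences raise UnicodeDecodeError instead of being passed on.
    """
    text = raw.decode(charset)
    text = text.replace("\\", "\\\\").replace("'", "\\'")
    return text.encode(charset)

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count quotes that a parser reading `charset` sees as string terminators."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":      # backslash escapes the next character
            i += 2
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

# Constructed input: a GBK lead byte followed directly by a quote.
SAMPLE = b"\xbf'x"

if __name__ == "__main__":
    escaped = escape_bytewise(SAMPLE)
    # In a single-byte charset the inserted backslash still guards the quote.
    print("latin-1:", unescaped_quotes(escaped, "latin-1"))
    # In GBK the lead byte absorbs the backslash as a trail byte.
    print("gbk:    ", unescaped_quotes(escaped, "gbk"))
```

A regression test for an escaping routine can use the same check: after escaping, no quote may remain unescaped when the result is read in the charset the database connection actually uses.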
