Message-ID: <43FBFE57.90709@shekinahstudios.com>
Date: Tue, 21 Feb 2006 22:01:59 -0800
From: Matt Van Gundy <matt@...kinahstudios.com>
To: bugtraq@...urityfocus.com
Subject: Multiple Injection Vulnerabilities in PHP PEAR::Auth Module
PRODUCT:
PEAR::Auth Authentication Module Package
http://pear.php.net/package/Auth
VERSIONS AFFECTED:
All versions < 1.2.4
1.3 series < 1.3.0r4
DESCRIPTION:
Multiple injection vulnerabilities exist in the PEAR::Auth module.
Some of the PEAR::Auth Container back ends do not fully validate
input from the user before presenting it to the underlying
authentication mechanisms. This allows a malicious user to
perform injection attacks against the underlying authentication
mechanism in order to falsify authentication credentials.
TIMELINE:
2006.01.30 - Vendor notified
2006.02.08 - Other developers contacted
2006.02.15 - Fix released
2006.02.21 - Public disclosure to Bugtraq
DISCOVERED BY:
Matt Van Gundy <matt-spam [at] shekinahstudios [dot] com>
^^^^^ remove the -spam to get past my spamtrap
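
A version check for the two affected ranges listed under VERSIONS AFFECTED, as an added example that is not part of the original advisory or of PEAR::Auth. It assumes that an "rN" suffix marks a pre-release that sorts before the final release of the same number; the host names and inventory are constructed.

```python
import re

# Fixed releases taken from the advisory's VERSIONS AFFECTED section.
FIXED_12 = "1.2.4"
FIXED_13 = "1.3.0r4"

_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:r(\d+))?$")
FINAL = float("inf")  # assumption: a release without rN sorts after its rN builds


def parse_version(text):
    """Turn '1.3.0r3' into a sortable tuple (1, 3, 0, 3)."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Auth version: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch or 0), int(pre) if pre else FINAL)


def is_affected(version):
    """True if the version falls inside either affected range."""
    key = parse_version(version)
    # The 1.3 series has its own fix; everything older is measured against 1.2.4.
    fixed = FIXED_13 if key[:2] >= (1, 3) else FIXED_12
    return key < parse_version(fixed)


def audit(inventory):
    """Split {host: version} into (affected, unknown) host lists."""
    affected, unknown = [], []
    for host, version in sorted(inventory.items()):
        try:
            if is_affected(version):
                affected.append(host)
        except ValueError:
            unknown.append(host)  # needs a manual look rather than a silent pass
    return affected, unknown


# Constructed inventory, e.g. collected from `pear list` output on each host.
SAMPLE = {"web1": "1.2.3", "web2": "1.2.4", "web3": "1.3.0r3",
          "web4": "1.3.0r4", "web5": "1.3.0", "web6": "unknown"}

if __name__ == "__main__":
    print(audit(SAMPLE))
```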