SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Courier Mail Server Vendors:   Double Precision, Inc.
Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
SecurityTracker Alert ID:  1006101
SecurityTracker URL:  http://securitytracker.com/id/1006101
CVE Reference:   CVE-2003-0040   (Links to External Site)
Date:  Feb 13 2003
Impact:   Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.41.0
Description:   An input validation vulnerability was reported in the Courier mail server. A remote user could inject SQL commands to be executed by the underlying PostgreSQL server.

It was reported that the append_username() function in the 'authlib/authpgsqllib.c' file did not properly escape user-supplied input in the username field. If PostgreSQL is used as the authentication database, a remote user could submit a specially crafted username value to cause the underlying PostgreSQL server to execute arbitrary SQL commands. The code did not filter "\'" single quote characters.

Other databases (e.g., LDAP, MySQL) are reportedly not affected.

Impact:   A remote user could inject SQL commands to be executed by the underlying PostreSQL database.
Solution:   The vendor has released a fixed version (0.41.0), available at:

http://www.courier-mta.org/download.php
http://prdownloads.sourceforge.net/courier/courier-0.41.0.tar.bz2

Vendor URL:  sourceforge.net/project/shownotes.php?group_id=5404&release_id=93065 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Debian Issues Fix) Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
Debian has released a fix.



 Source Message Contents

Subject:  Courier MTA bug


http://sourceforge.net/project/shownotes.php?group_id=5404&release_id=93065

Release Name: 0.41.0

> The release also includes an enhanced PostgreSQL module. A potential exploit in the
> PostgreSQL module is also fixed.


> 2003-01-23 Mr. Sam <mrsam@courier-mta.com>
> 
>     * authlib/authpgsqllib.c (append_username): Escape 's too.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC