SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend (CVE-2008-2380).

The remote host is affected by the vulnerability described in GLSA-200903-25 (Courier Authentication Library: SQL Injection vulnerability)

    It has been reported that some parameters used in SQL queries are not     properly sanitized before being processed when using a non-Latin locale     Postgres database.
  Impact :

    A remote attacker could send specially crafted input to an application     using the library, possibly resulting in the execution of arbitrary SQL     commands.
  Workaround :

    There is no known workaround at this time.

Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380 ). A similar issue affects the PostgreSQL database interface (CVE-2008-2667 ).

ID	Name	Product	Family	Severity
40206	openSUSE Security Update : courier-authlib (courier-authlib-391)	Nessus	SuSE Local Security Checks	medium
40205	openSUSE Security Update : courier-authlib (courier-authlib-370)	Nessus	SuSE Local Security Checks	medium
39940	openSUSE Security Update : courier-authlib (courier-authlib-370)	Nessus	SuSE Local Security Checks	medium
35912	GLSA-200903-25 : Courier Authentication Library: SQL Injection vulnerability	Nessus	Gentoo Local Security Checks	medium
35245	openSUSE 10 Security Update : courier-authlib (courier-authlib-5871)	Nessus	SuSE Local Security Checks	medium
35225	Debian DSA-1688-1 : courier-authlib - SQL injection	Nessus	Debian Local Security Checks	medium

Detections

Analytics

CVE-2008-2380

critical

Tenable Plugins

medium

medium

medium

medium

medium

medium