CVE-2006-0056 - Vulnerability Details - OpenCVE

Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pam-mysql	Pam-mysql

Configuration 1 [-]

OR	cpe:2.3:a:pam-mysql:pam-mysql:0.1:::::::*
	cpe:2.3:a:pam-mysql:pam-mysql:0.2:::::::*
	cpe:2.3:a:pam-mysql:pam-mysql:0.3:::::::*
	cpe:2.3:a:pam-mysql:pam-mysql:0.4:::::::*
	cpe:2.3:a:pam-mysql:pam-mysql:0.4.7:::::::*
	cpe:2.3:a:pam-mysql:pam-mysql:0.5:::::::*
	cpe:2.3:a:pam-mysql:pam-mysql:0.6:::::::*
	cpe:2.3:a:pam-mysql:pam-mysql:0.7_pre1:::::::*
	cpe:2.3:a:pam-mysql:pam-mysql:0.7_pre2:::::::*

No data.

References

Link	Providers
http://jvn.jp/cert/JVNVU%23693909/index.html
http://secunia.com/advisories/18598
http://secunia.com/advisories/20690
http://securitytracker.com/id?1015603
http://sourceforge.net/forum/forum.php?forum_id=499394
http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
http://www.kb.cert.org/vuls/id/693909
http://www.osvdb.org/22994
http://www.osvdb.org/22995
http://www.securityfocus.com/bid/16564
http://www.vupen.com/english/advisories/2006/0490

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2006-02-13T11:00:00

Updated: 2024-08-07T16:18:20.722Z

Reserved: 2006-01-01T00:00:00

Link: CVE-2006-0056

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-02-13T11:06:00.000

Modified: 2024-11-21T00:05:33.080

Link: CVE-2006-0056

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-02-17T10:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "16564", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16564"}, {"name": "VU#693909", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/693909"}, {"name": "22994", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22994"}, {"tags": ["x_refsource_MISC"], "url": "http://jvn.jp/cert/JVNVU%23693909/index.html"}, {"name": "1015603", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015603"}, {"name": "ADV-2006-0490", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0490"}, {"name": "22995", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22995"}, {"name": "18598", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18598"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/forum/forum.php?forum_id=499394"}, {"name": "GLSA-200606-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml"}, {"name": "20690", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20690"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2006-0056", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "16564", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16564"}, {"name": "VU#693909", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/693909"}, {"name": "22994", "refsource": "OSVDB", "url": "http://www.osvdb.org/22994"}, {"name": "http://jvn.jp/cert/JVNVU%23693909/index.html", "refsource": "MISC", "url": "http://jvn.jp/cert/JVNVU%23693909/index.html"}, {"name": "1015603", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015603"}, {"name": "ADV-2006-0490", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0490"}, {"name": "22995", "refsource": "OSVDB", "url": "http://www.osvdb.org/22995"}, {"name": "18598", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18598"}, {"name": "http://sourceforge.net/forum/forum.php?forum_id=499394", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=499394"}, {"name": "GLSA-200606-18", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml"}, {"name": "20690", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20690"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.722Z"}, "title": "CVE Program Container", "references": [{"name": "16564", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16564"}, {"name": "VU#693909", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/693909"}, {"name": "22994", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/22994"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jvn.jp/cert/JVNVU%23693909/index.html"}, {"name": "1015603", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015603"}, {"name": "ADV-2006-0490", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0490"}, {"name": "22995", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/22995"}, {"name": "18598", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18598"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/forum/forum.php?forum_id=499394"}, {"name": "GLSA-200606-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml"}, {"name": "20690", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20690"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2006-0056", "datePublished": "2006-02-13T11:00:00", "dateReserved": "2006-01-01T00:00:00", "dateUpdated": "2024-08-07T16:18:20.722Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pam-mysql:pam-mysql:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "89B29AFD-6EA6-4AEE-83F7-94AE927C5AEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pam-mysql:pam-mysql:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3BFC22D-75CF-4104-87D1-E71CB054905E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pam-mysql:pam-mysql:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E0B82080-5499-46A8-8F3A-EB9BAB36C5B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pam-mysql:pam-mysql:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C87D5EFC-27F3-4F37-87CA-AC120C9A9D89", "vulnerable": true}, {"criteria": "cpe:2.3:a:pam-mysql:pam-mysql:0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "2D23FBC9-0628-4CF2-AB25-0FC59FE539DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pam-mysql:pam-mysql:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "425E4F3B-4B28-4283-ACD5-494BEE2A1866", "vulnerable": true}, {"criteria": "cpe:2.3:a:pam-mysql:pam-mysql:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0530FA7E-BD7A-4D5F-A3F5-3A7BD6C37030", "vulnerable": true}, {"criteria": "cpe:2.3:a:pam-mysql:pam-mysql:0.7_pre1:*:*:*:*:*:*:*", "matchCriteriaId": "52E62A7D-FD21-484D-89D2-DDC398A18CEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pam-mysql:pam-mysql:0.7_pre2:*:*:*:*:*:*:*", "matchCriteriaId": "4CE9F00A-6938-487C-AC29-61AF37A25B12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL."}], "id": "CVE-2006-0056", "lastModified": "2024-11-21T00:05:33.080", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-02-13T11:06:00.000", "references": [{"source": "cret@cert.org", "url": "http://jvn.jp/cert/JVNVU%23693909/index.html"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18598"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20690"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015603"}, {"source": "cret@cert.org", "url": "http://sourceforge.net/forum/forum.php?forum_id=499394"}, {"source": "cret@cert.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml"}, {"source": "cret@cert.org", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/693909"}, {"source": "cret@cert.org", "url": "http://www.osvdb.org/22994"}, {"source": "cret@cert.org", "url": "http://www.osvdb.org/22995"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16564"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2006/0490"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/cert/JVNVU%23693909/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20690"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015603"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/forum/forum.php?forum_id=499394"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/693909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22995"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16564"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0490"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}