Vulnerability Details
Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
- CNNVD ID: CNNVD-200108-149
- Severity: High
- CVE ID: CVE-2001-1379
- Vulnerability type: SQL injection
- Published: 2001-08-29
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: guiseppe_tanzilli_and_matthias_eckermann
- Vulnerability source: This vulnerability…
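Vulnerability Summary
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5 and (2) mod_auth_pgsql_sys 0.9.4 are vulnerable. A remote attacker can bypass authentication and execute arbitrary SQL via an SQL injection attack on the user name.
Vulnerability Advisory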
Version 0.9.6 was still found to be prone to remote SQL query manipulation, so the vendor has released 0.9.9 to address this.
Conectiva has also released upgrades.
Guiseppe Tanzilli and Matthias Eckermann mod_auth_pgsql 0.9.5
- Conectiva 4.0 mod_auth_pgsql-0.8-4U40_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_auth_pgsql-0.8-4U40_3cl.i386.rpm
- Conectiva 4.0es mod_auth_pgsql-0.8-4U40_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_auth_pgsql-0.8-4U40_3cl.i386.rpm
- Conectiva 4.1 mod_auth_pgsql-0.8-4U41_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_auth_pgsql-0.8-4U41_3cl.i386.rpm
- Conectiva 4.2 mod_auth_pgsql-0.8-4U42_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_auth_pgsql-0.8-4U42_3cl.i386.rpm
- Conectiva 5.0 mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
- Conectiva 5.1 mod_auth_pgsql-0.8-4U51_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_auth_pgsql-0.8-4U51_3cl.i386.rpm
- Conectiva 6.0 mod_auth_pgsql-0.8-4U60_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mod_auth_pgsql-0.8-4U60_3cl.i386.rpm
- Conectiva 7.0 mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm
- Conectiva ecommerce mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
- Conectiva graficas mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
- FreeBSD ports-4 i386 mod_auth_pgsql-0.9.9.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_auth_pgsql-0.9.9.tgz
- FreeBSD ports-5 i386 mod_auth_pgsql-0.9.9.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_auth_pgsql-0.9.9.tgz
- Guiseppe Tanzilli mod_auth_pgsql 0.9.6
  http://www.giuseppetanzilli.it/mod_auth_pgsql/dist/
- Guiseppe Tanzilli mod_auth_pgsql 0.9.9
  http://www.giuseppetanzilli.it/mod_auth_pgsql/dist/
Guiseppe Tanzilli and Matthias Eckermann mod_auth_pgsql 0.9.6
- Conectiva 4.0 mod_auth_pgsql-0.8-4U40_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.0/i386/mod_auth_pgsql-0.8-4U40_3cl.i386.rpm
- Conectiva 4.0es mod_auth_pgsql-0.8-4U40_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.0es/i386/mod_auth_pgsql-0.8-4U40_3cl.i386.rpm
- Conectiva 4.1 mod_auth_pgsql-0.8-4U41_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.1/i386/mod_auth_pgsql-0.8-4U41_3cl.i386.rpm
- Conectiva 4.2 mod_auth_pgsql-0.8-4U42_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.2/i386/mod_auth_pgsql-0.8-4U42_3cl.i386.rpm
- Conectiva 5.0 mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
- Conectiva 5.1 mod_auth_pgsql-0.8-4U51_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/mod_auth_pgsql-0.8-4U51_3cl.i386.rpm
- Conectiva 6.0 mod_auth_pgsql-0.8-4U60_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mod_auth_pgsql-0.8-4U60_3cl.i386.rpm
- Conectiva 7.0 mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mod_auth_pgsql-0.9.6-1U70_2cl.i386.rpm
- Conectiva ecommerce mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
- Conectiva graficas mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/mod_auth_pgsql-0.8-4U50_3cl.i386.rpm
- Guiseppe Tanzilli mod_auth_pgsql 0.9.9
  http://www.giuseppetanzilli.it/mod_auth_pgsql/dist/
References
Source: XF
Name: apache-postgresql-authentication-module(7054)
Link: http://www.iss.net/security_center/static/7054.php
Source: BUGTRAQ
Name: 20010829 RUS-CERT Advisory 2001-08:01
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=99911895901812&w=2
Source: REDHAT
Name: RHSA-2001:124
Link: http://rhn.redhat.com/errata/RHSA-2001-124.html
Source: VULNWATCH
Name: 20010829 [VulnWatch] RUS-CERT Advisory 2001-08:01
Link: http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0040.html
Source: FREEBSD
Name: FreeBSD-SA-02:03
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc
Source: BID
Name: 3251
Link: http://www.securityfocus.com/bid/3251
Source: CONECTIVA
Name: CLA-2001:427
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000427