GLSA Advocate

Posted: Sun Aug 06, 2006 9:26 pm Post subject: [ GLSA 200608-10 ] pike: SQL injection vulnerability
Gentoo Linux Security Advisory
Title: pike: SQL injection vulnerability (GLSA 200608-10)
Severity: normal
Exploitable: remote
Date: August 06, 2006
Updated: December 13, 2006
Bug(s): #136065
ID: 200608-10
Synopsis
A flaw in the input handling could lead to the execution of arbitrary SQL
statements in the underlying PostgreSQL database.
Background
Pike is a general purpose programming language, able to be used for
multiple tasks.
Affected Packages
Package: dev-lang/pike
Vulnerable: < 7.6.86
Unaffected: >= 7.6.86
Architectures: All supported architectures
Description
Some input is not properly sanitised before being used in a SQL
statement in the underlying PostgreSQL database.
Impact
A remote attacker could provide malicious input to a pike program,
which might result in the execution of arbitrary SQL statements.
Workaround
There is no known workaround at this time.
Resolution
All pike users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/pike-7.6.86"
References
Secunia Advisory SA20494
CVE-2006-4041
Last edited by GLSA on Tue Aug 12, 2014 4:22 am; edited 5 times in total
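A host audit for the affected range listed above (vulnerable < 7.6.86), as an added example that is not part of the original advisory or of Portage. The function names are hypothetical, and it assumes installed packages are recorded as directories under /var/db/pkg/dev-lang/.

```shell
#!/bin/sh
# Added example: classify installed dev-lang/pike versions against
# GLSA 200608-10. All function names here are hypothetical helpers.
# Usage after sourcing: audit_pike            (reads /var/db/pkg)
#                       audit_pike /mnt/image/var/db/pkg

FIXED_VERSION="7.6.86"   # first unaffected version, from the advisory

# version_lt A B: succeed if dotted numeric version A is strictly lower
# than B. Components are compared as integers, so 7.6.9 < 7.6.86.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # versions are equal
}

# pike_status NAME: print vulnerable, unaffected or unknown for a package
# directory name such as "pike-7.6.50-r1".
pike_status() {
    v=${1#pike-}
    v=${v%-r[0-9]*}   # drop the ebuild revision suffix (-r1, -r2, ...)
    case $v in
        # Suffixes such as _rc1 or _p2 are not interpreted: flag for review.
        ''|*[!0-9.]*) echo unknown; return ;;
    esac
    if version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# audit_pike [PKGDB]: print "<name> <status>" for each installed pike.
audit_pike() {
    db=${1:-/var/db/pkg}
    for d in "$db"/dev-lang/pike-[0-9]*; do
        [ -d "$d" ] || continue
        name=${d##*/}
        echo "$name $(pike_status "$name")"
    done
}
```

Any line reported as vulnerable calls for the upgrade command in the Resolution section; a line reported as unknown needs a manual version comparison.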