SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-1002 advisory.

    [1:3.0.0-11.1]
    - add security fix for CVE-2008-2384 (#663617)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

From Red Hat Security Advisory 2009:0259 :

An updated mod_auth_mysql package to correct a security issue is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The mod_auth_mysql package includes an extension module for the Apache HTTP Server which can be used to implement web user authentication against a MySQL database.

A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyte character set that allowed a backslash '\' as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request. (CVE-2008-2384)

Note: This flaw only affected non-default installations where AuthMySQLCharacterSet is configured to use one of the affected multibyte character sets. Installations that did not use the AuthMySQLCharacterSet configuration option were not vulnerable to this flaw.

All mod_auth_mysql users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue.
After installing the update, the httpd daemon must be restarted for the fix to take effect.

A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyte character set that allowed a backslash ('\') as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request. (CVE-2008-2384)

Note: This flaw only affected non-default installations where AuthMySQLCharacterSet is configured to use one of the affected multibyte character sets. Installations that did not use the AuthMySQLCharacterSet configuration option were not vulnerable to this flaw.

After installing the updated package, the httpd daemon must be restarted for the update to take effect.

A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyte character set that allowed a backslash '\' as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request. (CVE-2008-2384)

Note: This flaw only affected non-default installations where AuthMySQLCharacterSet is configured to use one of the affected multibyte character sets. Installations that did not use the AuthMySQLCharacterSet configuration option were not vulnerable to this flaw.

After installing the update, the httpd daemon must be restarted for the fix to take effect.

This update of apache2-mod_auth_mysql fixes a possible SQL injection vulnerability that can be exploited using multibyte character encoding. CVE-2008-2384: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): SQL Injection. (CWE-89)

There is a SQL injection vulnerability in this installation of mod_auth_mysql that may allow an attacker access to restricted areas of a website.  Successful attacks have only been demonstrated against sites with AuthMySQLCharacterSet set to big5, gbk, and sjis but other encodings may be affected.

This update fixes a security issue in mod_auth_mysql.

A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyte character set that allowed a backslash ('\') as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request. (CVE-2008-2384)

Note: This flaw only affected non-default installations where AuthMySQLCharacterSet is configured to use one of the affected multibyte character sets. Installations that did not use the AuthMySQLCharacterSet configuration option were not vulnerable to this flaw.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An updated mod_auth_mysql package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The mod_auth_mysql package includes an extension module for the Apache HTTP Server, which can be used to implement web user authentication against a MySQL database.

A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyte character set that allowed a backslash ('\') as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request. (CVE-2008-2384)

Note: This flaw only affected non-default installations where AuthMySQLCharacterSet is configured to use one of the affected multibyte character sets. Installations that did not use the AuthMySQLCharacterSet configuration option were not vulnerable to this flaw.

All mod_auth_mysql users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
After installing the updated package, the httpd daemon must be restarted for the update to take effect.

A vulnerability has been found and corrected in mod_auth_mysql :

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input (CVE-2008-2384).

This update provides fixes for this vulnerability.

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

An updated mod_auth_mysql package to correct a security issue is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The mod_auth_mysql package includes an extension module for the Apache HTTP Server which can be used to implement web user authentication against a MySQL database.

A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyte character set that allowed a backslash '\' as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request. (CVE-2008-2384)

Note: This flaw only affected non-default installations where AuthMySQLCharacterSet is configured to use one of the affected multibyte character sets. Installations that did not use the AuthMySQLCharacterSet configuration option were not vulnerable to this flaw.

All mod_auth_mysql users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue.
After installing the update, the httpd daemon must be restarted for the fix to take effect.

ID	Name	Product	Family	Severity
68170	Oracle Linux 6 : mod_auth_mysql (ELSA-2010-1002)	Nessus	Oracle Linux Local Security Checks	critical
67798	Oracle Linux 5 : mod_auth_mysql (ELSA-2009-0259)	Nessus	Oracle Linux Local Security Checks	high
60928	Scientific Linux Security Update : mod_auth_mysql on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60533	Scientific Linux Security Update : mod_auth_mysql on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
57156	SuSE 10 Security Update : apache2-mod_auth_mysql (ZYPP Patch Number 7683)	Nessus	SuSE Local Security Checks	high
56021	SuSE 10 Security Update : apache2-mod_auth_mysql (ZYPP Patch Number 7682)	Nessus	SuSE Local Security Checks	high
52050	Mod_auth_mysql Multibyte Encoding SQL Injection	Nessus	CGI abuses	high
51948	Fedora 13 : mod_auth_mysql-3.0.0-12.fc13 (2011-0114)	Nessus	Fedora Local Security Checks	high
51947	Fedora 14 : mod_auth_mysql-3.0.0-12.fc14 (2011-0100)	Nessus	Fedora Local Security Checks	high
51357	RHEL 6 : mod_auth_mysql (RHSA-2010:1002)	Nessus	Red Hat Local Security Checks	high
40464	Mandriva Linux Security Advisory : apache-mod_auth_mysql (MDVSA-2009:189-1)	Nessus	Mandriva Local Security Checks	high
35653	RHEL 5 : mod_auth_mysql (RHSA-2009:0259)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2008-2384

critical

Tenable Plugins

critical

high

high

high

high

high

high

high

high

high

high

high