Debian DSA-1757-1 : auth2db - SQL injection

high Nessus Plugin ID 36047

Synopsis

The remote Debian host is missing a security-related update.

Description

It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to a SQL injection vulnerability, when used with multibyte character encodings.

The oldstable distribution (etch) doesn't contain auth2db.

Solution

Upgrade the auth2db packages.

For the stable distribution (lenny), this problem has been fixed in version 0.2.5-2+dfsg-1+lenny1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823

https://www.debian.org/security/2009/dsa-1757

Plugin Details

Severity: High

ID: 36047

File Name: debian_DSA-1757.nasl

Version: 1.15

Type: local

Agent: unix

Published: 3/30/2009

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:auth2db, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 3/30/2009

Reference Information

CVE: CVE-2009-1208

CWE: 89

DSA: 1757