Vulnerability Details CVE-2005-4713
Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/18598
- http://secunia.com/advisories/20690
- http://sourceforge.net/forum/forum.php?forum_id=499394
- http://sourceforge.net/tracker/index.php?func=detail&aid=1256243&group_id=5741&atid=305741
- http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
- http://www.securityfocus.com/bid/16564
- http://www.vupen.com/english/advisories/2006/0490
- http://secunia.com/advisories/18598
- http://secunia.com/advisories/20690
- http://sourceforge.net/forum/forum.php?forum_id=499394
- http://sourceforge.net/tracker/index.php?func=detail&aid=1256243&group_id=5741&atid=305741
- http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
- http://www.securityfocus.com/bid/16564
- http://www.vupen.com/english/advisories/2006/0490
Products affected by CVE-2005-4713
-
cpe:2.3:a:pam_mysql:pam_mysql:0.1
-
cpe:2.3:a:pam_mysql:pam_mysql:0.2
-
cpe:2.3:a:pam_mysql:pam_mysql:0.3
-
cpe:2.3:a:pam_mysql:pam_mysql:0.4
-
cpe:2.3:a:pam_mysql:pam_mysql:0.4.7
-
cpe:2.3:a:pam_mysql:pam_mysql:0.5
-
cpe:2.3:a:pam_mysql:pam_mysql:0.6
-
cpe:2.3:a:pam_mysql:pam_mysql:0.7_pre1
-
cpe:2.3:a:pam_mysql:pam_mysql:0.7_pre2