Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

Related bugs and status

CVE-2008-2380 (Candidate) is related to these bugs:

Bug #309837: please mere courier-authlib 0.61.0-1+lenny1 from debian main

Summary				In	Importance	Status
	309837	please mere courier-authlib 0.61.0-1+lenny1 from debian main		courier-authlib (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.courier-mta...
BID: 32926
SECUNIA: 33235
OSVDB: 50811
GENTOO: GLSA-200903-25
SECUNIA: 34234
XF: courier-library-postgr...