subject:"Bug#307796\: xtradius\: sql injection in authmysql"

Bug#307796: xtradius: sql injection in authmysql

2005-05-13 Thread Russ Allbery

severity 307796 normal thanks > Package: xtradius > Severity: grave > Tags: security > Justification: user security hole > > There is no user input verification whatsoever. In > /contrib/authmysql/authmysql.c username supplied by user is fed directly > to database. Er, unless I'm missing somethi

Bug#307796: xtradius: sql injection in authmysql

2005-05-05 Thread Primoz Bratanic

Package: xtradius Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There is no user input verification whatsoever. In /contrib/authmysql/authmysql.c username supplied by user is fed directly to database. Primoz Bratanic - -- Syst