Ubuntu
libgda2 package

SQL injection if use ; on the data

Bug #642271 reported by Pablo Catalina
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libgda2 (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

The libgda2 have a sqlinjection on all the databases if you use the character ; on the data. All the software that use libgda2 is affected by these bug.

You can check it at:
root@fastfoot-ng:/usr/local/src# apt-get source libgda2-3
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias
Leyendo la información de estado... Hecho
Necesito descargar 1825kB de archivos fuente.
Des:1 http://archive.ubuntu.com hardy/universe libgda2 1.2.4-1 (dsc) [1260B]
Des:2 http://archive.ubuntu.com hardy/universe libgda2 1.2.4-1 (tar) [1815kB]
Des:3 http://archive.ubuntu.com hardy/universe libgda2 1.2.4-1 (diff) [8974B]
Descargados 1825kB en 1s (1144kB/s)

root@fastfoot-ng:/usr/local/src/libgda2-1.2.4# grep -nr 'arr = g_strsplit (sql, ";", 0);' .
./providers/xml/gda-xml-provider.c:283: arr = g_strsplit (sql, ";", 0);
./providers/mysql/gda-mysql-provider.c:327: arr = g_strsplit (sql, ";", 0);
./providers/postgres/gda-postgres-provider.c:611: arr = g_strsplit (sql, ";", 0);
./providers/firebird/gda-firebird-provider.c:1078: arr = g_strsplit (sql, ";", 0);
./providers/freetds/gda-freetds-provider.c:955: arr = g_strsplit (sql, ";", 0);
./providers/ibmdb2/gda-ibmdb2-provider.c:454: arr = g_strsplit (sql, ";", 0);
./providers/oracle/gda-oracle-provider.c:578: arr = g_strsplit (sql, ";", 0);
./providers/sybase/gda-sybase-provider.c:648: arr = g_strsplit (sql, ";", 0);

Pablo Catalina (xkill)
visibility: private → public
Pablo Catalina (xkill)
Changed in libgda2 (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.