pam_mysql where option escapes ' and " and than extra where options destroy the sql-query
Bug #237010 reported by
Ingo Reinhart
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pam-mysql (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: libpam-mysql
Hello,
if you try in your sasl-auth config with the pam_mysql.so (from libpam-mysql) the where option this breake the SQL query.
This config line:
auth required pam_mysql.so user=XXXX passwd=XXXX host=127.0.0.1 db=emailserv table=emailuser usercolumn=email passwdcolumn=
result in this (bad) query:
SELECT password FROM emailuser WHERE email = 'XXXX' AND (active=\'1\' AND postfix=\'1\')
My system:
lsb_release -rd
Description: Ubuntu 8.04
Release: 8.04
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.