September 12, 2001

SuSE: 'apache-contrib' mod_auth_mysql authentication bypass

Author: JT Smith

Posted at LinuxSecurity.com: "The Apache module mod_auth_mysql 1.4,which is shipped since SuSE Linux 7.1,
was found vulnerable to possible bypass authentication by MySQL command
injection.
An adversary could insert MySQL commands along with a password and these
commands will be interpreted by MySQL while mod_auth_mysql is doing the
password lookup in the database. A positive authentication could be returned."

Category:

  • Linux
Click Here!