Debian Security Advisory DSA 1757-1 (auth2db) Network Vulnerability

Summary

The remote host is missing an update to auth2db announced via advisory DSA 1757-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201757-1

Insight

It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to an SQL injection vulnerability, when used with multibyte character encodings. For the stable distribution (lenny), this problem has been fixed in version 0.2.5-2+dfsg-1+lenny1. The oldstable distribution (etch) doesn't contain auth2db. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 0.2.5-2+dfsg-1.1. We recommend that you upgrade your auth2db packages.

Severity

Classification

CVE CVE-2009-1208

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1016-1 (evolution)
Debian Security Advisory DSA 090-1 (xtel)
Debian Security Advisory DSA 108-1 (wmtv)
Debian Security Advisory DSA 053-1 (nedit)
Debian Security Advisory DSA 081-1 (w3m, w3m-ssl)

Take action and discover your vulnerabilities