N/A

Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.

N/A

N/A

PAM-MySQL双重释放漏洞

PAM-MySQL 0.6.2之前的0.6.x版以及0.7pre3之前的0.7.x版的认证和认证令牌更改代码中存在双重释放漏洞。远程攻击者可以借助特制密码(会导致由pam_get_item功能创建的指针双重释放)造成拒绝服务(应用程序崩溃)，并可能执行任意代码。注意：只有在特定配置中才可能出现这个问题，即有多个PAM模块，不首先计算PAM-MySQL，而且在PAM-MySQL之前没有必要的模块。

N/A

N/A