Vigil@nce: Debian, RHEL, SQL injection in mod-auth-mysql
February 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass the authentication of the mod-auth-mysql
module for Apache provided with some Linux distributions.
Gravity: 2/4
Consequences: user access/rights
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 12/02/2009
IMPACTED PRODUCTS
– Debian Linux
– Red Hat Enterprise Linux
DESCRIPTION OF THE VULNERABILITY
The mod-auth-mysql module is used to authenticates Apache users,
with credentials stored in a database. Some Linux distributions
use a special version of this module, which is different from the
official version.
When multi-bytes data are used with this special version, the
backslash (\) character is incorrectly handled. An attacker can
use it to inject SQL data in the authentication query.
An attacker can therefore bypass the authentication of the
mod-auth-mysql module for Apache provided with some Linux
distributions.
CHARACTERISTICS
Identifiers: BID-33392, CVE-2008-2384, RHSA-2009:0259-01,
VIGILANCE-VUL-8466
http://vigilance.fr/vulnerability/Debian-RHEL-SQL-injection-in-mod-auth-mysql-8466