PRODUCT:
PEAR::Auth Authentication Module Package
http://pear.php.net/package/Auth
VERSIONS AFFECTED:
All versions < 1.2.4
1.3 series < 1.3.0r4
DESCRIPTION:
Multiple injection vulnerabilities exist in the PEAR::Auth module.
Some of the PEAR::Auth Container back ends do not fully validate
input from the user before presenting it to the underlying
authentication mechanisms. This allows a malicious user to
perform injection attacks against the underlying authentication
mechanism in order to falsify authentication credentials.
TIMELINE:
2006.01.30 - Vendor notified
2006.02.08 - Other developers contacted
2006.02.15 - Fix released
2006.02.21 - Public disclosure to Bugtraq
DISCOVERED BY:
Matt Van Gundy <matt-spam [at] shekinahstudios [dot] com>
^^^^^ remove the -spam to get past my spamtrap
Attachment:
signature.asc
Description: OpenPGP digital signature
