- --------------------------------------------------------------------------
Debian Security Advisory DSA 347-1                     security@debian.org 
Debian -- Security Information                              Matt Zimmerman
July 8th, 2003                           Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : teapop
Vulnerability  : SQL injection
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0515

teapop, a POP-3 server, includes modules for authenticating usersagainst a PostgreSQL or MySQL database.  These modules do not properly
escape user-supplied strings before using them in SQL queries.  This
vulnerability could be exploited to execute arbitrary SQL under the
privileges of the database user as which teapop has authenticated.

For the stable distribution (woody) this problem has been fixed in
version 0.3.4-1woody2.

For the unstable distribution (sid) this problem has been fixed in
version 0.3.5-2.

We recommend that you update your teapop package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      642 fed7be378523f17820caf954ae0e2d8b
      
      Size/MD5 checksum:    89396 918ff202c7fe4dfa8ca74cf7b8ee737d
      
      Size/MD5 checksum:   139108 af3cfad2323764ee87979c1ed36f1a29

  Alpha architecture:

      
      Size/MD5 checksum:    65630 0ff29aa8b27deeee90da861d42914e8d
      
      Size/MD5 checksum:    68136 34703e180ad5e59ab368fd33974249a1
      
      Size/MD5 checksum:    67566 47db645212b9104fdd7d0acf5d2a4eec

  ARM architecture:

      
      Size/MD5 checksum:    56364 e45dea49a7274c38c321780195e8277a
      
      Size/MD5 checksum:    58310 018adfc8b90c1eab8f3312b3e84a1647
      
      Size/MD5 checksum:    57812 78385a963ac081814c4c610d08572b42

  Intel IA-32 architecture:

      
      Size/MD5 checksum:    55804 05414d63c4b995e026a07a0f9e910a18
      
      Size/MD5 checksum:    57644 9a798c8eea5319c525e65929394f1701
      
      Size/MD5 checksum:    57230 809033cacc20039e32daf4b42d220c0b

  Intel IA-64 architecture:

      
      Size/MD5 checksum:    69916 e1a85ad9143b707ea3f200fd3e6adc0b
      
      Size/MD5 checksum:    72612 150668180e6fca83e78ef0552fb0dd24
      
      Size/MD5 checksum:    72042 e7faa07d5af324408cf8bf105b31840b

  HP Precision architecture:

      
      Size/MD5 checksum:    58700 c6ac59093cd3591aa8251184a09358c1
      
      Size/MD5 checksum:    60562 74454128967adecd6f2e5f721d37030d
      
      Size/MD5 checksum:    60078 d4805ec7278e728a82c5da39e5593b5e

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:    54558 d5c3fc23f82403509739599ffdf6c778
      
      Size/MD5 checksum:    56218 f848d0a4d168f9d71a2c20723f764d9c
      
      Size/MD5 checksum:    55862 6ed69fa88c8347e4ca0b67f3224b0e13

  Big endian MIPS architecture:

      
      Size/MD5 checksum:    59138 764acbee22966dfa0c1694759b9c0e35
      
      Size/MD5 checksum:    61128 cf19e15baa43506e0f3a8dc4d6f3d857
      
      Size/MD5 checksum:    60478 f3e2af096b950dd341a98020b6ebeb81

  Little endian MIPS architecture:

      
      Size/MD5 checksum:    59086 e09f4618622e02b3d533ebddb78c6ad8
      
      Size/MD5 checksum:    61082 9aa5fd0a7209ebb212ab083cf68e71c6
      
      Size/MD5 checksum:    60468 eea4b43810ce3e5fec1a78b927231f8e

  PowerPC architecture:

      
      Size/MD5 checksum:    57756 0c76c1a5ce0f8001d7d681fa1e5e7543
      
      Size/MD5 checksum:    59656 f28a95fae924bb6e3d265c572c21e515
      
      Size/MD5 checksum:    59244 0f6e1aac13b84649ae9dde6f874beac5

  IBM S/390 architecture:

      
      Size/MD5 checksum:    56618 b6f512cc26c3323937a8ebb4affd2b27
      
      Size/MD5 checksum:    58318 626f6878672bc0526c1e6c16c6185158
      
      Size/MD5 checksum:    57908 d605dfaacb83ad92cf0f63297afa2ada

  Sun Sparc architecture:

      
      Size/MD5 checksum:    59376 8d82b3e990a6a1fe6454a922b5235d40
      
      Size/MD5 checksum:    60694 4f0fea369173e6bb12694b3cd34a1128
      
      Size/MD5 checksum:    57778 bfddf178490d83f4706b8bc2c94fe4ee

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: teapop SQL injection vulnerability

July 10, 2003
The SQL modules do not properlyescape user-supplied strings before using them in SQL queries.

Summary

teapop, a POP-3 server, includes modules for authenticating usersagainst a PostgreSQL or MySQL database. These modules do not properly
escape user-supplied strings before using them in SQL queries. This
vulnerability could be exploited to execute arbitrary SQL under the
privileges of the database user as which teapop has authenticated.

For the stable distribution (woody) this problem has been fixed in
version 0.3.4-1woody2.

For the unstable distribution (sid) this problem has been fixed in
version 0.3.5-2.

We recommend that you update your teapop package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


Size/MD5 checksum: 642 fed7be378523f17820caf954ae0e2d8b

Size/MD5 checksum: 89396 918ff202c7fe4dfa8ca74cf7b8ee737d

Size/MD5 checksum: 139108 af3cfad2323764ee87979c1ed36f1a29

Alpha architecture:


Size/MD5 checksum: 65630 0ff29aa8b27deeee90da861d42914e8d

Size/MD5 checksum: 68136 34703e180ad5e59ab368fd33974249a1

Size/MD5 checksum: 67566 47db645212b9104fdd7d0acf5d2a4eec

ARM architecture:


Size/MD5 checksum: 56364 e45dea49a7274c38c321780195e8277a

Size/MD5 checksum: 58310 018adfc8b90c1eab8f3312b3e84a1647

Size/MD5 checksum: 57812 78385a963ac081814c4c610d08572b42

Intel IA-32 architecture:


Size/MD5 checksum: 55804 05414d63c4b995e026a07a0f9e910a18

Size/MD5 checksum: 57644 9a798c8eea5319c525e65929394f1701

Size/MD5 checksum: 57230 809033cacc20039e32daf4b42d220c0b

Intel IA-64 architecture:


Size/MD5 checksum: 69916 e1a85ad9143b707ea3f200fd3e6adc0b

Size/MD5 checksum: 72612 150668180e6fca83e78ef0552fb0dd24

Size/MD5 checksum: 72042 e7faa07d5af324408cf8bf105b31840b

HP Precision architecture:


Size/MD5 checksum: 58700 c6ac59093cd3591aa8251184a09358c1

Size/MD5 checksum: 60562 74454128967adecd6f2e5f721d37030d

Size/MD5 checksum: 60078 d4805ec7278e728a82c5da39e5593b5e

Motorola 680x0 architecture:


Size/MD5 checksum: 54558 d5c3fc23f82403509739599ffdf6c778

Size/MD5 checksum: 56218 f848d0a4d168f9d71a2c20723f764d9c

Size/MD5 checksum: 55862 6ed69fa88c8347e4ca0b67f3224b0e13

Big endian MIPS architecture:


Size/MD5 checksum: 59138 764acbee22966dfa0c1694759b9c0e35

Size/MD5 checksum: 61128 cf19e15baa43506e0f3a8dc4d6f3d857

Size/MD5 checksum: 60478 f3e2af096b950dd341a98020b6ebeb81

Little endian MIPS architecture:


Size/MD5 checksum: 59086 e09f4618622e02b3d533ebddb78c6ad8

Size/MD5 checksum: 61082 9aa5fd0a7209ebb212ab083cf68e71c6

Size/MD5 checksum: 60468 eea4b43810ce3e5fec1a78b927231f8e

PowerPC architecture:


Size/MD5 checksum: 57756 0c76c1a5ce0f8001d7d681fa1e5e7543

Size/MD5 checksum: 59656 f28a95fae924bb6e3d265c572c21e515

Size/MD5 checksum: 59244 0f6e1aac13b84649ae9dde6f874beac5

IBM S/390 architecture:


Size/MD5 checksum: 56618 b6f512cc26c3323937a8ebb4affd2b27

Size/MD5 checksum: 58318 626f6878672bc0526c1e6c16c6185158

Size/MD5 checksum: 57908 d605dfaacb83ad92cf0f63297afa2ada

Sun Sparc architecture:


Size/MD5 checksum: 59376 8d82b3e990a6a1fe6454a922b5235d40

Size/MD5 checksum: 60694 4f0fea369173e6bb12694b3cd34a1128

Size/MD5 checksum: 57778 bfddf178490d83f4706b8bc2c94fe4ee

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/



Severity
Package : teapop
Vulnerability : SQL injection
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0515

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved