PRODUCT: PEAR::Auth Authentication Module Package http://pear.php.net/package/Auth VERSIONS AFFECTED: All versions < 1.2.4 1.3 series < 1.3.0r4 DESCRIPTION: Multiple injection vulnerabilities exist in the PEAR::Auth module. Some of the PEAR::Auth Container back ends do not fully validate input from the user before presenting it to the underlying authentication mechanisms. This allows a malicious user to perform injection attacks against the underlying authentication mechanism in order to falsify authentication credentials. TIMELINE: 2006.01.30 - Vendor notified 2006.02.08 - Other developers contacted 2006.02.15 - Fix released 2006.02.21 - Public disclosure to Bugtraq DISCOVERED BY: Matt Van Gundy <matt-spam [at] shekinahstudios [dot] com> ^^^^^ remove the -spam to get past my spamtrap
Attachment:
signature.asc
Description: OpenPGP digital signature