CVE-2005-4713

NameCVE-2005-4713
DescriptionUnspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs353589

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pam-mysql (PTS)buster0.8.1-1fixed
bullseye0.8.1-5fixed
sid, trixie, bookworm0.8.2-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pam-mysqlsourcesarge(not affected)
pam-mysqlsource(unstable)0.6.2-1low353589

Notes

[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
Search for package or bug name: Reporting problems