PublicDate: 2006-02-13 11:06:00 UTC
Candidate: CVE-2006-0056
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0056
Description:
 Double free vulnerability in the authentication and authentication token
 alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3
 allows remote attackers to cause a denial of service (application crash)
 and possibly execute arbitrary code via crafted passwords, which lead to a
 double free of a pointer that was created by the pam_get_item function. 
 NOTE: this issue only occurs in certain configurations in which there are
 multiple PAM modules, PAM-MySQL is not evaluated first, and there are no
 requisite modules before PAM-MySQL.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_pam-mysql: released (0.6.2-1)
edgy_pam-mysql: released (0.6.2-1)
feisty_pam-mysql: released (0.6.2-1)
devel_pam-mysql: released (0.6.2-1)
upstream_pam-mysql: needs-triage