Candidate: CVE-2013-0191
PublicDate: 2014-06-03 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0191
Description:
 libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value
 returned by the password search query, which allows remote attackers to
 bypass authentication via a crafted password.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698241
 https://sourceforge.net/p/pam-pgsql/bugs/13/
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_pam-pgsql:
 upstream: https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
upstream_pam-pgsql: needs-triage
hardy_pam-pgsql: ignored (reached end-of-life)
lucid_pam-pgsql: ignored (reached end-of-life)
oneiric_pam-pgsql: ignored (reached end-of-life)
precise_pam-pgsql: ignored (reached end-of-life)
precise/esm_pam-pgsql: DNE (precise was needed)
quantal_pam-pgsql: ignored (reached end-of-life)
raring_pam-pgsql: ignored (reached end-of-life)
saucy_pam-pgsql: ignored (reached end-of-life)
trusty_pam-pgsql: not-affected (0.7.3.1-4)
trusty/esm_pam-pgsql: DNE (trusty was not-affected [0.7.3.1-4])
utopic_pam-pgsql: not-affected (0.7.3.1-4)
vivid_pam-pgsql: not-affected (0.7.3.1-4)
vivid/stable-phone-overlay_pam-pgsql: DNE
vivid/ubuntu-core_pam-pgsql: DNE
wily_pam-pgsql: not-affected (0.7.3.1-4)
xenial_pam-pgsql: not-affected (0.7.3.1-4)
yakkety_pam-pgsql: not-affected (0.7.3.1-4)
zesty_pam-pgsql: not-affected (0.7.3.1-4)
devel_pam-pgsql: not-affected (0.7.3.1-4)