Candidate: CVE-2015-6817
PublicDate: 2017-05-23 04:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6817
 https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/
 https://github.com/pgbouncer/pgbouncer/issues/69
 http://www.openwall.com/lists/oss-security/2015/09/04/3
Description:
 PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote
 attackers to gain login access as auth_user via an unknown username.
Ubuntu-Description:
Notes:
 sbeattie> affects pgbouncer 1.6 only.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_pgbouncer:
upstream_pgbouncer: released (1.6.1-1)
precise_pgbouncer: not-affected (pre 1.6)
trusty_pgbouncer: not-affected (pre 1.6)
trusty/esm_pgbouncer: DNE (trusty was not-affected [pre 1.6])
vivid_pgbouncer: not-affected (pre 1.6)
devel_pgbouncer: not-affected (pre 1.6)