TeaPOP Authentication Modules SQL Injection Vulnerability - Secunia Advisories - Vulnerability Intelligence

TeaPOP Authentication Modules SQL Injection Vulnerability
Secunia Advisory:	SA9228	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2003-07-10
Popularity:	8,289 views

Critical:	Moderately critical
Impact:	Manipulation of data Exposure of sensitive information
Where:	From remote
Solution Status:	Vendor Patch

OS:	Debian GNU/Linux 3.0 Debian GNU/Linux unstable alias sid

Software:	TeaPOP 3.x

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2003-0515

Description: A vulnerability has been identified in TeaPOP, which can be exploited by malicious people to conduct SQL injection attacks against a vulnerable mail server. The vulnerability is caused due to some input validation errors in the modules included for authenticating users against a PostgreSQL or MySQL database. This can be exploited to manipulate existing queries by injecting arbitrary SQL code. Solution: Fixed in devel version: http://www.toontown.org/teapop/download.php Debian has issued updated packages: -- Debian GNU/Linux 3.0 alias woody -- Source archives: http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2.dsc Size/MD5 checksum: 642 fed7be378523f17820caf954ae0e2d8b http://security.debian.org/pool/updat...t/teapop/teapop_0.3.4-1woody2.diff.gz Size/MD5 checksum: 89396 918ff202c7fe4dfa8ca74cf7b8ee737d http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4.orig.tar.gz Size/MD5 checksum: 139108 af3cfad2323764ee87979c1ed36f1a29 Alpha architecture: http://security.debian.org/pool/updat...teapop/teapop_0.3.4-1woody2_alpha.deb Size/MD5 checksum: 65630 0ff29aa8b27deeee90da861d42914e8d http://security.debian.org/pool/updat.../teapop-mysql_0.3.4-1woody2_alpha.deb Size/MD5 checksum: 68136 34703e180ad5e59ab368fd33974249a1 http://security.debian.org/pool/updat.../teapop-pgsql_0.3.4-1woody2_alpha.deb Size/MD5 checksum: 67566 47db645212b9104fdd7d0acf5d2a4eec ARM architecture: http://security.debian.org/pool/updat...t/teapop/teapop_0.3.4-1woody2_arm.deb Size/MD5 checksum: 56364 e45dea49a7274c38c321780195e8277a http://security.debian.org/pool/updat...op/teapop-mysql_0.3.4-1woody2_arm.deb Size/MD5 checksum: 58310 018adfc8b90c1eab8f3312b3e84a1647 http://security.debian.org/pool/updat...op/teapop-pgsql_0.3.4-1woody2_arm.deb Size/MD5 checksum: 57812 78385a963ac081814c4c610d08572b42 Intel IA-32 architecture: http://security.debian.org/pool/updat.../teapop/teapop_0.3.4-1woody2_i386.deb Size/MD5 checksum: 55804 05414d63c4b995e026a07a0f9e910a18 http://security.debian.org/pool/updat...p/teapop-mysql_0.3.4-1woody2_i386.deb Size/MD5 checksum: 57644 9a798c8eea5319c525e65929394f1701 http://security.debian.org/pool/updat...p/teapop-pgsql_0.3.4-1woody2_i386.deb Size/MD5 checksum: 57230 809033cacc20039e32daf4b42d220c0b Intel IA-64 architecture: http://security.debian.org/pool/updat.../teapop/teapop_0.3.4-1woody2_ia64.deb Size/MD5 checksum: 69916 e1a85ad9143b707ea3f200fd3e6adc0b http://security.debian.org/pool/updat...p/teapop-mysql_0.3.4-1woody2_ia64.deb Size/MD5 checksum: 72612 150668180e6fca83e78ef0552fb0dd24 http://security.debian.org/pool/updat...p/teapop-pgsql_0.3.4-1woody2_ia64.deb Size/MD5 checksum: 72042 e7faa07d5af324408cf8bf105b31840b HP Precision architecture: http://security.debian.org/pool/updat.../teapop/teapop_0.3.4-1woody2_hppa.deb Size/MD5 checksum: 58700 c6ac59093cd3591aa8251184a09358c1 http://security.debian.org/pool/updat...p/teapop-mysql_0.3.4-1woody2_hppa.deb Size/MD5 checksum: 60562 74454128967adecd6f2e5f721d37030d http://security.debian.org/pool/updat...p/teapop-pgsql_0.3.4-1woody2_hppa.deb Size/MD5 checksum: 60078 d4805ec7278e728a82c5da39e5593b5e Motorola 680x0 architecture: http://security.debian.org/pool/updat.../teapop/teapop_0.3.4-1woody2_m68k.deb Size/MD5 checksum: 54558 d5c3fc23f82403509739599ffdf6c778 http://security.debian.org/pool/updat...p/teapop-mysql_0.3.4-1woody2_m68k.deb Size/MD5 checksum: 56218 f848d0a4d168f9d71a2c20723f764d9c http://security.debian.org/pool/updat...p/teapop-pgsql_0.3.4-1woody2_m68k.deb Size/MD5 checksum: 55862 6ed69fa88c8347e4ca0b67f3224b0e13 Big endian MIPS architecture: http://security.debian.org/pool/updat.../teapop/teapop_0.3.4-1woody2_mips.deb Size/MD5 checksum: 59138 764acbee22966dfa0c1694759b9c0e35 http://security.debian.org/pool/updat...p/teapop-mysql_0.3.4-1woody2_mips.deb Size/MD5 checksum: 61128 cf19e15baa43506e0f3a8dc4d6f3d857 http://security.debian.org/pool/updat...p/teapop-pgsql_0.3.4-1woody2_mips.deb Size/MD5 checksum: 60478 f3e2af096b950dd341a98020b6ebeb81 Little endian MIPS architecture: http://security.debian.org/pool/updat...eapop/teapop_0.3.4-1woody2_mipsel.deb Size/MD5 checksum: 59086 e09f4618622e02b3d533ebddb78c6ad8 http://security.debian.org/pool/updat...teapop-mysql_0.3.4-1woody2_mipsel.deb Size/MD5 checksum: 61082 9aa5fd0a7209ebb212ab083cf68e71c6 http://security.debian.org/pool/updat...teapop-pgsql_0.3.4-1woody2_mipsel.deb Size/MD5 checksum: 60468 eea4b43810ce3e5fec1a78b927231f8e PowerPC architecture: http://security.debian.org/pool/updat...apop/teapop_0.3.4-1woody2_powerpc.deb Size/MD5 checksum: 57756 0c76c1a5ce0f8001d7d681fa1e5e7543 http://security.debian.org/pool/updat...eapop-mysql_0.3.4-1woody2_powerpc.deb Size/MD5 checksum: 59656 f28a95fae924bb6e3d265c572c21e515 http://security.debian.org/pool/updat...eapop-pgsql_0.3.4-1woody2_powerpc.deb Size/MD5 checksum: 59244 0f6e1aac13b84649ae9dde6f874beac5 IBM S/390 architecture: http://security.debian.org/pool/updat.../teapop/teapop_0.3.4-1woody2_s390.deb Size/MD5 checksum: 56618 b6f512cc26c3323937a8ebb4affd2b27 http://security.debian.org/pool/updat...p/teapop-mysql_0.3.4-1woody2_s390.deb Size/MD5 checksum: 58318 626f6878672bc0526c1e6c16c6185158 http://security.debian.org/pool/updat...p/teapop-pgsql_0.3.4-1woody2_s390.deb Size/MD5 checksum: 57908 d605dfaacb83ad92cf0f63297afa2ada Sun Sparc architecture: http://security.debian.org/pool/updat...teapop/teapop_0.3.4-1woody2_sparc.deb Size/MD5 checksum: 59376 8d82b3e990a6a1fe6454a922b5235d40 http://security.debian.org/pool/updat.../teapop-mysql_0.3.4-1woody2_sparc.deb Size/MD5 checksum: 60694 4f0fea369173e6bb12694b3cd34a1128 http://security.debian.org/pool/updat.../teapop-pgsql_0.3.4-1woody2_sparc.deb Size/MD5 checksum: 57778 bfddf178490d83f4706b8bc2c94fe4ee -- Debian GNU/Linux unstable alias sid -- Fixed in version 0.3.5-2. Original Advisory: http://lists.debian.org/debian-securi...-security-announce-2003/msg00144.html

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

2nd Dec, 2008

New advisories:	14
New vulnerabilities:	21
Updated advisories:	26

Less // 386 views

Linksys WRT160N Cross-Site Scripting Vulnerability

Less // 367 views

IBM Rational ClearQuest Multiple Vulnerabilities

Not // 289 views

Debian update for flamethrower

Not // 279 views

flamethrower Insecure Temporary Files

Less // 337 views

IBM Rational ClearCase Cross-Site Scripting Vulnerability

Not // 325 views

DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability

Not // 320 views

Zaptel "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerabilities

Moderately // 309 views

Rumpus Multiple Vulnerabilities

Less // 325 views

bcoos "cid" SQL Injection Vulnerability

Moderately // 339 views

ASP Portal "ASPPortal.mdb" Database Disclosure Security Issue

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.