CVE-2008-2667
Severity Score
5.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
Una vulnerabilidad de inyección SQL en Courier Authentication Library (también se conoce como courier-authlib) anterior a versión 0.60.6 en openSUSE de SUSE versiones 10.3 y 11.0, y otras plataformas, cuando se utilizan MySQL y un juego de caracteres non-Latin, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del nombre de usuario y otros vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-06-10 CVE Reserved
- 2008-07-07 CVE Published
- 2024-07-13 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=225407 | X_refsource_confirm | |
| http://www.courier-mta.org/authlib/changelog.html | X_refsource_confirm | |
| http://www.mail-archive.com/courier-users%40lists.sourceforge.net/msg31362.html | Mailing List | |
| http://www.nabble.com/courier-authlib-0.60.6-released-td17720739.html | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43628 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html | 2023-11-07 | |
| http://secunia.com/advisories/30591 | 2023-11-07 | |
| http://secunia.com/advisories/30967 | 2023-11-07 | |
| http://security.gentoo.org/glsa/glsa-200809-05.xml | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.52 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.52" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.52 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.52" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.53 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.53" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.53 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.53" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.54 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.54" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.54 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.54" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.55 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.55" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.55 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.55" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.56 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.56" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.56 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.56" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.57 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.57" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.57 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.57" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.58 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.58" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.58 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.58" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.59 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.59" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.59 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.59" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.59.1 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.59.1" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.59.1 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.59.1" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.59.2 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.59.2" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.59.2 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.59.2" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.59.3 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.59.3" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.59.3 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.59.3" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.1 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.1" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.1 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.1" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.2 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.2" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.2 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.2" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.3 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.3" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.3 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.3" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.4 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.4" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.4 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.4" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.5 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.5" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 10.3 Search vendor "Suse" for product "Open Suse" and version "10.3" | - |
Safe
|
| Courier-mta Search vendor "Courier-mta" | Courtier-authlib Search vendor "Courier-mta" for product "Courtier-authlib" | 0.60.5 Search vendor "Courier-mta" for product "Courtier-authlib" and version "0.60.5" | - |
Affected
| in | Suse Search vendor "Suse" | Open Suse Search vendor "Suse" for product "Open Suse" | 11.0 Search vendor "Suse" for product "Open Suse" and version "11.0" | - |
Safe
|