PAM-MySQL Code Execution And Denial Of Service Vulnerabilities

PAM-MySQL Code Execution And Denial Of Service Vulnerabilities

PAM-MySQL is susceptible to two vulnerabilities:

- a denial-of-service vulnerability in its logging facility
- a double-free vulnerability.

These issues allow local and remote attackers to execute arbitrary machine code in the context of the affected module. Attackers may also crash applications that use the PAM module, denying service to legitimate users. Applications that execute the PAM module with superuser privileges will allow attackers to completely compromise affected computers.