Re: CVE Request: PgBouncer: failed auth_query lookup leads to connection as auth_user

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/
> https://github.com/pgbouncer/pgbouncer/issues/69
> https://github.com/pgbouncer/pgbouncer/commit/7ca3e5279d05fceb1e8a043c6f5b6f58dea3ed38

> http://comments.gmane.org/gmane.comp.db.postgresql.pgbouncer.general/1251
>
> auth_user is already set (to the config 
> auth_user value). Thus, getting no rows back from the auth_query lets one 
> log in as the powerful auth_user user

> The real bug was assigning db->auth_user to client->auth_user in the
> first place.

Use CVE-2015-6817.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJV6xpiAAoJEL54rhJi8gl5xggP/ifKkzMNnMHj6gpM3wvGfgNk
7cp/i+FaEz/q6o+f7ZGY7uTRnPaaD51QXWQpg4FZZpEN5MuXCEYzx9zwXZVJxEte
Pbim83MHo0ubnMABwkP/9rKDo5l+e3mFHB5DM+mKsWwdwudK1wUCoTxWo19VISPn
nZH6sEwPmj2OFIRD01sq7J/WPaE1Yc7UGDLX2nwO6+sGQfkTLcOl6DXSXQWry0xO
PJiUKynWfSnEr8fyGtw1/8Y0X7JcBTSxOJ/fcPxSpTfatmtePnMYRf9a8+AlS7fV
K8tuecXItQo8hyQEKxzayMy0tilFOww3xWoxdLTeziQZeIvywjvL9Keij+PhHTXH
+Fcb4sMb7O1wdpIx4mlvTvleF1PHTccUB41tqRvWz+V+i9ag49ER+qpEpJkhpZ5V
tNJkEf4O71lDFgzWnSXfJeNYUDasMkK/JqJyZ8jrUDlIkrKfqjrsgnji1ytuD+wh
5rMWNjDeFMUtzEWR8fDTDCVzcYPmnvI1yaW+U9EjHzXzFqKLaueP9NTQGtBTBCnq
cRhI435z59m7ILXTbVGxo4IGmhVtLWqZMSfHI/7ImQBuNYfMw6thRA9hHHOUEP6m
iSsRrrahj3aYOJCmt76c1cyk0wy/MoW2oE6Ijt9+dKenFC11sn0rx4YLW5gbkbs3
DxI5O04+S3maL6o50vuE
=7MYo
-----END PGP SIGNATURE-----