Unrated severity · NVD Advisory · Published Feb 19, 2003 · Updated Apr 16, 2026

CVE-2003-0040

Description

SQL injection in Courier's PostgreSQL auth module allows remote attackers to execute arbitrary SQL commands via crafted usernames.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A SQL injection vulnerability exists in the PostgreSQL authentication module of Courier versions 0.40 and earlier. The flaw occurs because user-supplied usernames are not properly sanitized before being used in SQL queries, allowing an attacker to inject arbitrary SQL statements into the database backend.

Exploitation

An attacker with network access to the Courier service can send a specially crafted username string containing SQL metacharacters. No prior authentication is required. The attacker can exploit this by connecting to the service and providing a malicious username, which is then processed by the auth module and passed to the PostgreSQL database server without proper escaping.

Impact

Successful exploitation allows the attacker to execute arbitrary SQL commands on the PostgreSQL database with the privileges of the Courier application. This can lead to unauthorized data access, modification, or deletion, and potentially compromise the entire database server. The impact is considered critical.

Mitigation

Debian has released updated packages for courier in DSA-247 [1]. Users should upgrade to version 0.42-5 or later. For systems that cannot be immediately upgraded, it is recommended to restrict network access to the Courier service and apply the vendor patch as soon as possible.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

3