CVE-2006-0056

Name: CVE-2006-0056
Creator: NVD / NIST
Published: 2006-02-13T11:06:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.32%

Last modified Jun 16, 2026

CVE-2006-0056 is a vulnerability of currently unknown severity. Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.. EPSS estimates a 6.32% chance of exploitation in the next 30 days.

Description

Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.

Metrics

EPSS Probability

6.32%

92.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Pam-Mysql	Pam-Mysql	0.1
Pam-Mysql	Pam-Mysql	0.2
Pam-Mysql	Pam-Mysql	0.3
Pam-Mysql	Pam-Mysql	0.4
Pam-Mysql	Pam-Mysql	0.4.7
Pam-Mysql	Pam-Mysql	0.5
Pam-Mysql	Pam-Mysql	0.6
Pam-Mysql	Pam-Mysql	0.7_pre1
Pam-Mysql	Pam-Mysql	0.7_pre2

References

http://jvn.jp/cert/JVNVU%23693909/index.html
http://secunia.com/advisories/18598Patch, Vendor Advisory
http://secunia.com/advisories/20690Vendor Advisory
http://securitytracker.com/id?1015603Patch
http://sourceforge.net/forum/forum.php?forum_id=499394
http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
http://www.kb.cert.org/vuls/id/693909Patch, Third Party Advisory, US Government Resource
http://www.osvdb.org/22994
http://www.osvdb.org/22995
http://www.securityfocus.com/bid/16564Patch
http://www.vupen.com/english/advisories/2006/0490
http://jvn.jp/cert/JVNVU%23693909/index.html
http://secunia.com/advisories/18598Patch, Vendor Advisory
http://secunia.com/advisories/20690Vendor Advisory
http://securitytracker.com/id?1015603Patch
http://sourceforge.net/forum/forum.php?forum_id=499394
http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
http://www.kb.cert.org/vuls/id/693909Patch, Third Party Advisory, US Government Resource
http://www.osvdb.org/22994
http://www.osvdb.org/22995
http://www.securityfocus.com/bid/16564Patch
http://www.vupen.com/english/advisories/2006/0490

Timeline

Published: Feb 13, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-0056?

How severe is CVE-2006-0056?

Severity scoring for CVE-2006-0056 is pending analysis. The EPSS model estimates a 6.32% probability of exploitation in the next 30 days.

How do I fix CVE-2006-0056?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-0056?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST