13 matches found
Apache HTTP Server auth_ldap Logging Function Format String (CVE-2005-3656; CVE-2006-0150)
There exists a format string vulnerability in the authldap module used with Apache HTTP server. The vulnerability is a result of the failure to properly verify string arguments passed to a logging function, resulting in a memory corruption condition. A remote attacker can exploit this vulnerabili...
Gentoo Security Advisory GLSA 200601-05 (mod_auth_pgsql)
The remote host is missing updates announced in advisory GLSA 200601-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200601-05 (mod_auth_pgsql)
The remote host is missing updates announced in advisory GLSA 200601-05. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
The remote host is missing an update to libapache2-mod-auth-pgsql announced via advisory DSA 935-1. iDEFENSE reports that a format string vulnerability in modauthpgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the...
Debian DSA-935-1 : libapache2-mod-auth-pgsql - format string vulnerability
iDEFENSE reports that a format string vulnerability in modauthpgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
CentOS 3 / 4 : mod_auth_pgsql (CESA-2006:0164)
Updated modauthpgsql packages that fix format string security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The modauthpgsql package is an httpd module that allows user...
Fedora Core 4 : mod_auth_pgsql-2.0.1-8.1 (2006-015)
Several format string flaws were found in the way modauthpgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if modauthpgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-365...
Mandrake Linux Security Advisory : apache2-mod_auth_pgsql (MDKSA-2006:009)
iDefense discovered several format string vulnerabilities in the way that modauthpgsql logs information which could potentially be used by a remote attacker to execute arbitrary code as the apache user if modauthpgsql is used for user authentication. The provided packages have been patched to...
Fedora Core 3 : mod_auth_pgsql-2.0.1-6.2 (2006-014)
Several format string flaws were found in the way modauthpgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if modauthpgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-365...
[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 935-1 [email protected] http://www.debian.org/security/ Michael Stone January 10, 2006 http://www.debian.org/security/faq -...
[Full-disclosure] [USN-239-1] libapache2-mod-auth-pgsql vulnerability
=========================================================== Ubuntu Security Notice USN-239-1 January 09, 2006 libapache2-mod-auth-pgsql vulnerability CVE-2005-3656 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty...
CVE-2005-3656
CVE-2005-3656 describes a format-string vulnerability in mod_auth_pgsql used for authenticating against PostgreSQL. The flaw in logging functions could enable remote, unauthenticated code execution with the httpd user. Affected modules include libapache2-mod-auth-pgsql; multiple advisories (Red H...
mod_auth_pgsql security update
CentOS Errata and Security Advisory CESA-2006:0164 Updated modauthpgsql packages that fix format string security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The modauthpgsql...