RHSA-2006:0164 Red Hat Security Advisory: mod_auth_pgsql security update

Bulletin has no description...

Gentoo Security Advisory GLSA 200601-05 (mod_auth_pgsql)

The remote host is missing updates announced in advisory GLSA 200601-05. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200601-05 (mod_auth_pgsql)

The remote host is missing updates announced in advisory GLSA 200601-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 3 / 4 : mod_auth_pgsql (CESA-2006:0164)

Updated modauthpgsql packages that fix format string security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The modauthpgsql package is an httpd module that allows user...

Update Protection against A Format String Vulnerability in mod_auth_pgsql for Apache

A vulnerability exists in multiple versions of an authentication module modauthpgsql for Apache httpd. To exploit this vulnerability, a user can supply specially crafted information to trigger a flaw in certain logging functions of the module. Successful exploitation could result in the execution...

Fedora Core 3 : mod_auth_pgsql-2.0.1-6.2 (2006-014)

Several format string flaws were found in the way modauthpgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if modauthpgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-365...

Fedora Core 4 : mod_auth_pgsql-2.0.1-8.1 (2006-015)

Several format string flaws were found in the way modauthpgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if modauthpgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-365...

GLSA-200601-05 : mod_auth_pgsql: Multiple format string vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200601-05 modauthpgsql: Multiple format string vulnerabilities The error logging functions of modauthpgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact : An...

Mandrake Linux Security Advisory : apache2-mod_auth_pgsql (MDKSA-2006:009)

iDefense discovered several format string vulnerabilities in the way that modauthpgsql logs information which could potentially be used by a remote attacker to execute arbitrary code as the apache user if modauthpgsql is used for user authentication. The provided packages have been patched to...

RHEL 4 : mod_auth_pgsql (RHSA-2006:0164)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2006:0164 advisory. - security flaw CVE-2005-3656 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 935-1 [email protected] http://www.debian.org/security/ Michael Stone January 10, 2006 http://www.debian.org/security/faq -...

mod_auth_pgsql: Multiple format string vulnerabilities

Background modauthpgsql is an Apache2 module that allows user authentication against a PostgreSQL database. Description The error logging functions of modauthpgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact An unauthenticated...

iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability

Multiple Vendor modauthpgsql Format String Vulnerability iDefense Security Advisory 01.09.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367 January 09, 2006 I. BACKGROUND The modauthpgsql apache module allows user authentication against information stored in a PostgreSQL...

CVE-2005-3656

CVE-2005-3656 describes a format-string vulnerability in mod_auth_pgsql used for authenticating against PostgreSQL. The flaw in logging functions could enable remote, unauthenticated code execution with the httpd user. Affected modules include libapache2-mod-auth-pgsql; multiple advisories (Red H...

CVE-2005-3656

Multiple format string vulnerabilities in logging functions in modauthpgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username...

CVE-2005-3656

Removed by vendor...

Critical: Red Hat Security Advisory: mod_auth_pgsql security update

Updated modauthpgsql packages that fix format string security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The modauthpgsql package is an httpd module that allows user...

security flaw

Multiple format string vulnerabilities in logging functions in modauthpgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username...

Apache < 2.0.3 mod_auth_pgsql Module Server Log Format String

Binary data 3358.prm...

CVE-2005-3656

Multiple format string vulnerabilities in logging functions in modauthpgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username...