CVE-2005-3656

Related Files

Debian Linux Security Advisory 935-1

Posted Jan 11, 2006

Authored by Debian | Site debian.org

Debian Security Advisory DSA 935-1 - iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user.

tags | advisory, web, arbitrary

systems | linux, debian

advisories | CVE-2005-3656

SHA-256 | 1fbfde729d90ef315a3051158507d630b5d803b682fc8400630a25098f30c0cd

Download | Favorite | View

iDEFENSE Security Advisory 2006-01-09.t

Posted Jan 10, 2006

Authored by iDefense Labs, Sparfell | Site idefense.com

iDefense Security Advisory 01.09.06 - Remote exploitation of a format string vulnerability in multiple versions of the mod_auth_pgsql authentication module for the Apache httpd could allow the execution of arbitrary code in the context of the httpd. iDefense has confirmed the existence of this vulnerability in version 2.0.2b1 of mod_auth_pgsql for Apache 2.x. It is suspected that earlier versions are also affected.

tags | advisory, remote, arbitrary

advisories | CVE-2005-3656

SHA-256 | ae77cef4cf235c34da71db3beb1be182bb43f82c88e9232aab6802083553935b

Download | Favorite | View

Ubuntu Security Notice 239-1

Posted Jan 10, 2006

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-239-1 - Several format string vulnerabilities were discovered in the error logging handling of libapache2-mod-auth-pgsql. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, ubuntu

advisories | CVE-2005-3656

SHA-256 | 23b54dba202b1193ff7f41a09eb34ff60b78ed247b392d8f10c370bb15fbcf9d

Download | Favorite | View