CVE-2005-3656 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-3656
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-3656

Description: Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.

CVE Status: Candidate

References: UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-239-1 TRUSTIX http://www.trustix.org/errata/2006/0002/ ST 1015446 SGI SAID Secunia Advisory: SA18463 Secunia Advisory: SA18517 Secunia Advisory: SA18403 Secunia Advisory: SA18397 Secunia Advisory: SA18350 Secunia Advisory: SA18347 Secunia Advisory: SA18348 Secunia Advisory: SA18304 Secunia Advisory: SA18321 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0164.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:009 IDEFENSE http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200601-05.xml DEBIAN http://www.debian.de/security/2006/dsa-935 CONFIRM http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html http://www.giuseppetanzilli.it/mod%5Fauth%5Fpgsql2/ BID 16153

Return to the previous page.