Pufferüberläufe in mod_auth_pgsql
ID: | FEDORA-2005-014 |
Distribution: | Fedora |
Plattformen: | Fedora Core 3 |
Datum: | Fr, 6. Januar 2006, 18:46 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3656 |
Applikationen: | mod_auth_pgsql |
Originalnachricht |
|
--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-014 2006-01-06 --------------------------------------------------------------------- Product : Fedora Core 3 Name : mod_auth_pgsql Version : 2.0.1 Release : 6.2 Summary : Basic authentication for the Apache web server using a PostgreSQL database. Description : mod_auth_pgsql can be used to limit access to documents served by a web server by checking fields in a table in a PostgresQL database. --------------------------------------------------------------------- Update Information: Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. Red Hat would like to thank iDefense for reporting this issue. --------------------------------------------------------------------- * Fri Jan 6 2006 Joe Orton |