Check Point Advisories

Update Protection against A Format String Vulnerability in mod_auth_pgsql for Apache

Check Point Reference: CPAI-2006-014
Date Published: 12 Feb 2006
Severity: Medium
Last Updated: Tuesday 08 May, 2007
Source: iDEFENSE ADVISORY: 01.09.06
Industry Reference:CVE-2005-3656
Protection Provided by:
Who is Vulnerable? version 2.0.2b1 of mod_auth_pgsql for Apache 2.x
Vulnerability Description A vulnerability exists in multiple versions of an authentication module (mod_auth_pgsql) for Apache httpd. To exploit this vulnerability, a user can supply specially crafted information to trigger a flaw in certain logging functions of the module. Successful exploitation could result in the execution of arbitrary code on the target system.

This module is not installed by default, but is available as a package from some vendors, including Red Hat Linux, Debian GNU/Linux and FreeBSD. Only systems that have the mod_auth_pgsql module installed and are configured to authenticate against a PostgreSQL database using this module are affected.
Vulnerability DetailsThe mod_auth_pgsql module for the Apache httpd is a third party authentication module which allows authentication details to be stored in a PostgreSQL database. To exploit the vulnerability, the attacker must know the URI of at least one resource on the Web server which authenticates using this module.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK