Family: Fedora Local Security Checks --> Category: infos
Fedora Core 3 2006-014: mod_auth_pgsql Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mod_auth_pgsql package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2006-014 (mod_auth_pgsql).
mod_auth_pgsql can be used to limit access to documents served by a web server
by checking fields in a table in a PostgresQL database.
Several format string flaws were found in the way
mod_auth_pgsql logs information. It may be possible for a
remote attacker to execute arbitrary code as the 'apache'
user if mod_auth_pgsql is used for user authentication. The
Common Vulnerabilities and Exposures project assigned the
name CVE-2005-3656 to this issue.
Please note that this issue only affects servers which have
mod_auth_pgsql installed and configured to perform user
authentication against a PostgreSQL database.
Red Hat would like to thank iDefense for reporting this issue.
Solution : Get the newest Fedora Updates
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.