Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200601-05] mod_auth_pgsql: Multiple format string vulnerabilities Vulnerability Scan
Vulnerability Scan Summary: mod_auth_pgsql: Multiple format string vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200601-05
(mod_auth_pgsql: Multiple format string vulnerabilities).
The error logging functions of mod_auth_pgsql fail to validate
certain strings before passing them to syslog, resulting in format
string vulnerabilities.
Impact
An unauthenticated remote attacker could exploit these
vulnerabilities to execute arbitrary code with the rights of the user
running the Apache2 server by sending specially crafted login names.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3656
http://www.frsirt.com/english/advisories/2006/0070
Solution:
All mod_auth_pgsql users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mod_auth_pgsql-2.0.3"
Threat Level: High