CVE-2005-3656

Published: 31/12/2005 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql prior to 2.0.3, when used for user authentication against a PostgreSQL database, allow remote unauthenticated malicious users to execute arbitrary code, as demonstrated via the username.

Vulnerable Product

guiseppe tanzilli and matthias eckermann mod auth pgsql 0.9.5

guiseppe tanzilli and matthias eckermann mod auth pgsql 0.9.6

guiseppe tanzilli and matthias eckermann mod auth pgsql

Vendor Advisories

Synopsis: mod_auth_pgsql security update. Type/Severity: Security Advisory: Critical. Topic: Updated mod_auth_pgsql packages that fix format string security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response T ...
Several format string vulnerabilities were discovered in the error logging handling. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache (user ‘www-data’) ...
iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user. The old stable distribution (woody) does not contain libapache2-mod-auth-pgsql. For the stable distribution (sarge) this problem ...