|
|
>> Gentoo Security Update Fixes mod_auth_pgsql Format String Issues
|
Title : Gentoo Security Update Fixes mod_auth_pgsql Format String Issues
VUPEN ID : VUPEN/ADV-2006-0131
CVE ID : CVE-2005-3656
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-01-11
|
Gentoo has released updated packages to address multiple vulnerabilities identified in mod_auth_pgsql. These flaws are due to format string errors in the logging functionality that does not properly validate certain strings before being passed to syslog, which could be exploited by unauthenticated remote attackers to compromise a vulnerable web server where mod_auth_pgsql is configured to perform user authentication against a PostgreSQL database. For additional information, see : VUPEN/ADV-2006-0070
Affected Products
net-www/mod_auth_pgsql versions prior to 2.0.3
Solution
Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose " >=net-www/mod_auth_pgsql-2.0.3"
References
http://www.vupen.com/english/advisories/2006/0131
http://www.frsirt.com/english/reference/4231
ChangeLog
2006-01-11 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
