Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2005-3656
Last Modified: 07 Mar 2011 12:00:00
Published: 31 Dec 2005 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-3656

Summary

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allow remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.

Vulnerable Systems

Application

  • Guiseppe Tanzilli And Matthias Eckermann Mod Auth Pgsql 0.9.5

  • Guiseppe Tanzilli And Matthias Eckermann Mod Auth Pgsql 0.9.6

  • Guiseppe Tanzilli And Matthias Eckermann Mod Auth Pgsql 2.0.3


References

UBUNTU - USN-239-1

TRUSTIX - 2006-0002

BID - 16153

REDHAT - RHSA-2006:0164

CONFIRM - http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html

CONFIRM - http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html

IDEFENSE - 20060109 Multiple Vendor mod_auth_pgsql Format String Vulnerability

CONFIRM - http://www.giuseppetanzilli.it/mod%5Fauth%5Fpgsql2/

GENTOO - GLSA-200601-05

DEBIAN - DSA-935

SECTRACK - 1015446

SECUNIA - 18517

SECUNIA - 18463

SECUNIA - 18403

SECUNIA - 18397

SECUNIA - 18350

SECUNIA - 18348

SECUNIA - 18347

SECUNIA - 18321

SECUNIA - 18304

SGI - 20060101-01-U

VUPEN - ADV-2006-0070

MANDRIVA - MDKSA-2006:009


Last Updated: 27 May 2016 10:41:00