Vulnerability Name: CVE-2005-3656 (CCN-24003)
Assigned: 2005-12-31
Published: 2005-12-31
Updated: 2018-10-03
Summary: Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allow remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-134
Vulnerability Consequences: Gain Access
References:
    Source: SGI Type: Patch 20060101-01-U
    Source: MITRE Type: CNA CVE-2005-3656
    Source: CCN Type: RHSA-2006-0164 mod_auth_pgsql security update
    Source: CCN Type: SA18304 mod_auth_pgsql Apache Module Format String Vulnerabilities
    Source: SECUNIA Type: Patch, Vendor Advisory 18304
    Source: SECUNIA Type: Patch, Vendor Advisory 18321
    Source: SECUNIA Type: Patch, Vendor Advisory 18347
    Source: SECUNIA Type: Patch, Vendor Advisory 18348
    Source: SECUNIA Type: Patch, Vendor Advisory 18350
    Source: SECUNIA Type: Patch, Vendor Advisory 18397
    Source: SECUNIA Type: Patch, Vendor Advisory 18403
    Source: SECUNIA Type: Patch, Vendor Advisory 18463
    Source: SECUNIA Type: Patch, Vendor Advisory 18517
    Source: CCN Type: SECTRACK ID: 1015446 mod_auth_pgsql Format String Bugs Let Remote Users Execute Arbitrary Code
    Source: SECTRACK Type: Patch 1015446
    Source: CCN Type: ASA-2006-003 mod_auth_pgsql security update (RHSA-2006-0164)
    Source: DEBIAN Type: Patch, Vendor Advisory DSA-935
    Source: DEBIAN Type: DSA-935 libapache2-mod-auth-pgsql -- format string vulnerability
    Source: CCN Type: GLSA-200601-05 mod_auth_pgsql: Multiple format string vulnerabilities
    Source: GENTOO Type: Patch, Vendor Advisory GLSA-200601-05
    Source: CONFIRM Type: Patch http://www.giuseppetanzilli.it/mod%5Fauth%5Fpgsql2/
    Source: CCN Type: mod_auth_pgsql Web page Apache2 Module mod_auth_pgsql
    Source: IDEFENSE Type: Patch, Vendor Advisory 20060109 Multiple Vendor mod_auth_pgsql Format String Vulnerability
    Source: MANDRIVA Type: UNKNOWN MDKSA-2006:009
    Source: CONFIRM Type: Patch http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html
    Source: CONFIRM Type: Patch http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html
    Source: REDHAT Type: Patch RHSA-2006:0164
    Source: BID Type: Patch 16153
    Source: CCN Type: BID-16153 Apache mod_auth_pgsql Multiple Format String Vulnerabilities
    Source: TRUSTIX Type: Patch 2006-0002
    Source: CCN Type: USN-239-1 libapache2-mod-auth-pgsql vulnerability
    Source: VUPEN Type: UNKNOWN ADV-2006-0070
    Source: XF Type: UNKNOWN apache-modauthpgsql-format-string(24003)
    Source: CCN Type: iDEFENSE Security Advisory 01.09.06 Multiple Vendor mod_auth_pgsql Format String Vulnerability
    Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10600
    Source: UBUNTU Type: UNKNOWN USN-239-1
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1: Denotes that component is vulnerable