This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated mod_auth_pgsql packages that fix format string security issues
are now available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
The mod_auth_pgsql package is an httpd module that allows user
authentication against information stored in a PostgreSQL database.
Several format string flaws were found in the way mod_auth_pgsql logs
information. It may be possible for a remote attacker to execute
arbitrary code as the 'apache' user if mod_auth_pgsql is used for user
authentication. The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-3656 to this issue.
Please note that this issue only affects servers which have
mod_auth_pgsql installed and configured to perform user authentication
against a PostgreSQL database.
All users of mod_auth_pgsql should upgrade to these updated packages,
which contain a backported patch to resolve this issue.
This issue does not affect the mod_auth_pgsql package supplied with
Red Hat Enterprise Linux 2.1.
Red Hat would like to thank iDefense for reporting this issue.
Update the affected mod_auth_pgsql package.
Risk factor: Critical / CVSS Base Score: 10.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 20399
CVE ID: CVE-2005-3656