GLSA-200601-05 : mod_auth_pgsql: Multiple format string vulnerabilities

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200601-05
(mod_auth_pgsql: Multiple format string vulnerabilities)

The error logging functions of mod_auth_pgsql fail to validate certain
strings before passing them to syslog, resulting in format string

Impact :

An unauthenticated remote attacker could exploit these vulnerabilities
to execute arbitrary code with the rights of the user running the
Apache2 server by sending specially crafted login names.
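
The bug class described above, shown as an added C example (not code from mod_auth_pgsql or from the advisory): a logging helper that hands the login name to syslog only as an argument to a constant format, plus a small check that counts the conversion directives a string would carry if it were misused as the format. All function names and the sample login name are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical audit helper: number of conversion directives that would be
 * interpreted if `s` were passed as a printf/syslog format ("%%" is literal). */
int count_format_directives(const char *s)
{
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%')
            i++;            /* escaped percent sign, not a directive */
        else
            n++;
    }
    return n;
}

/* Build the log line with a constant format: the login name is data only. */
int format_auth_error(char *out, size_t outlen, const char *user)
{
    return snprintf(out, outlen, "auth failed for user \"%s\"", user);
}

void log_auth_error(const char *user)
{
    char line[256];
    format_auth_error(line, sizeof line, user);
    /* Unsafe pattern (the bug class above): syslog(LOG_ERR, line);
     * there, directives inside the login name would be interpreted. */
    syslog(LOG_ERR, "%s", line);
}

int main(void)
{
    const char *user = "bob%x.%x.%s";   /* constructed sample login name */
    char line[256];
    format_auth_error(line, sizeof line, user);
    printf("directives in input: %d\n", count_format_directives(user));
    printf("logged line: %s\n", line);
    return 0;
}
```

Compiling with -Wformat -Wformat-security makes GCC and Clang warn on the unsafe call shape, where a non-literal string is the only argument after the priority.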

Workaround :

There is no known workaround at this time.

Solution :

All mod_auth_pgsql users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apache/mod_auth_pgsql-2.0.3'

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Gentoo Local Security Checks

Nessus Plugin ID: 20415 (gentoo_GLSA-200601-05.nasl)

CVE ID: CVE-2005-3656