|
|
Subscribe / Log in / New account

auth_ldap: format string vulnerability

Package(s):auth_ldap CVE #(s):CVE-2006-0150
Created:January 10, 2006 Updated:February 28, 2006
Description: The auth_ldap package is an httpd module that allows user authentication against information stored in an LDAP database. A format string flaw was found in the way auth_ldap logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if auth_ldap is used for user authentication.
Alerts:
Fedora-Legacy FLSA:177694 auth_ldap 2006-02-27
Debian DSA-952-1 libapache-auth-ldap 2006-01-23
Mandriva MDKSA-2006:017 mod_auth_ldap 2006-01-19
Red Hat RHSA-2006:0179-01 auth_ldap 2006-01-10
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds