|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA18382] Apache auth_ldap Module "auth_ldap_log_reason()" Format String Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue Jan 10 2006 - 07:32:04 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Apache auth_ldap Module "auth_ldap_log_reason()" Format String
Vulnerability
SECUNIA ADVISORY ID:
SA18382
VERIFY ADVISORY:
http://secunia.com/advisories/18382/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
auth_ldap 1.x (module for Apache)
http://secunia.com/product/6764/
DESCRIPTION:
Seregorn has reported a vulnerability in the auth_ldap module for
Apache, which can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused due to a format string error in the
"auth_ldap_log_reason()" function. This can be exploited to execute
arbitrary code by e.g. supplying a specially crafted username in the
authentication process.
The vulnerability has been reported in versions 1.2.x through 1.6.0.
Prior versions may also be affected.
SOLUTION:
Update to version 1.6.1:
http://www.rudedog.org/auth_ldap/auth_ldap-1.6.1.tar.gz
PROVIDED AND/OR DISCOVERED BY:
Seregorn
ORIGINAL ADVISORY:
Digital Armaments:
http://www.digitalarmaments.com/2006090173928420.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]