NVD

CVE-2005-3656 Detail

Modified

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Current Description

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.

View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 10.0 HIGH

Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Evaluator Solution

This vulnerability affects mod_auth_pgsql for Apache2, most likely in all Linux and UNIX environments. This vulnerability affects all versions of mod_auth_pgsql before 2.0.3

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U	Patch
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U	Patch
http://secunia.com/advisories/18304	Patch Vendor Advisory
http://secunia.com/advisories/18304	Patch Vendor Advisory
http://secunia.com/advisories/18321	Patch Vendor Advisory
http://secunia.com/advisories/18321	Patch Vendor Advisory
http://secunia.com/advisories/18347	Patch Vendor Advisory
http://secunia.com/advisories/18347	Patch Vendor Advisory
http://secunia.com/advisories/18348	Patch Vendor Advisory
http://secunia.com/advisories/18348	Patch Vendor Advisory
http://secunia.com/advisories/18350	Patch Vendor Advisory
http://secunia.com/advisories/18350	Patch Vendor Advisory
http://secunia.com/advisories/18397	Patch Vendor Advisory
http://secunia.com/advisories/18397	Patch Vendor Advisory
http://secunia.com/advisories/18403	Patch Vendor Advisory
http://secunia.com/advisories/18403	Patch Vendor Advisory
http://secunia.com/advisories/18463	Patch Vendor Advisory
http://secunia.com/advisories/18463	Patch Vendor Advisory
http://secunia.com/advisories/18517	Patch Vendor Advisory
http://secunia.com/advisories/18517	Patch Vendor Advisory
http://securitytracker.com/id?1015446	Patch
http://securitytracker.com/id?1015446	Patch
http://www.debian.de/security/2006/dsa-935	Patch Vendor Advisory
http://www.debian.de/security/2006/dsa-935	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200601-05.xml	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200601-05.xml	Patch Vendor Advisory
http://www.giuseppetanzilli.it/mod_auth_pgsql2/
http://www.giuseppetanzilli.it/mod_auth_pgsql2/
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367	Patch Vendor Advisory
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:009
http://www.mandriva.com/security/advisories?name=MDKSA-2006:009
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html	Patch
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html	Patch
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html	Patch
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html	Patch
http://www.redhat.com/support/errata/RHSA-2006-0164.html	Patch
http://www.redhat.com/support/errata/RHSA-2006-0164.html	Patch
http://www.securityfocus.com/bid/16153	Patch
http://www.securityfocus.com/bid/16153	Patch
http://www.trustix.org/errata/2006/0002/	Patch
http://www.trustix.org/errata/2006/0002/	Patch
http://www.vupen.com/english/advisories/2006/0070
http://www.vupen.com/english/advisories/2006/0070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10600
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10600
https://usn.ubuntu.com/239-1/
https://usn.ubuntu.com/239-1/

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-134	Use of Externally-Controlled Format String	NIST

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

cpe:2.3:a:guiseppe_tanzilli_and_matthias_eckermann:mod_auth_pgsql:0.9.5:::::::* Show Matching CPE(s)
cpe:2.3:a:guiseppe_tanzilli_and_matthias_eckermann:mod_auth_pgsql:0.9.6:::::::* Show Matching CPE(s)
cpe:2.3:a:guiseppe_tanzilli_and_matthias_eckermann:mod_auth_pgsql:::::::: Show Matching CPE(s)	Up to (including) 2.0.3

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

CVE Modified by CVE 11/20/2024 7:02:21 PM

Action	Type	New Value
Added	Reference	ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
Added	Reference	http://secunia.com/advisories/18304
Added	Reference	http://secunia.com/advisories/18321
Added	Reference	http://secunia.com/advisories/18347
Added	Reference	http://secunia.com/advisories/18348
Added	Reference	http://secunia.com/advisories/18350
Added	Reference	http://secunia.com/advisories/18397
Added	Reference	http://secunia.com/advisories/18403
Added	Reference	http://secunia.com/advisories/18463
Added	Reference	http://secunia.com/advisories/18517
Added	Reference	http://securitytracker.com/id?1015446
Added	Reference	http://www.debian.de/security/2006/dsa-935
Added	Reference	http://www.gentoo.org/security/en/glsa/glsa-200601-05.xml
Added	Reference	http://www.giuseppetanzilli.it/mod_auth_pgsql2/
Added	Reference	http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367
Added	Reference	http://www.mandriva.com/security/advisories?name=MDKSA-2006:009
Added	Reference	http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html
Added	Reference	http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html
Added	Reference	http://www.redhat.com/support/errata/RHSA-2006-0164.html
Added	Reference	http://www.securityfocus.com/bid/16153
Added	Reference	http://www.trustix.org/errata/2006/0002/
Added	Reference	http://www.vupen.com/english/advisories/2006/0070
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10600
Added	Reference	https://usn.ubuntu.com/239-1/

Quick Info

CVE Dictionary Entry:
CVE-2005-3656
NVD Published Date:
12/31/2005
NVD Last Modified:
11/20/2024
Source:
MITRE

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2005-3656 Detail

Current Description

Analysis Description

Metrics

Evaluator Solution

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 7:02:21 PM

CVE Modified by MITRE 5/13/2024 9:32:29 PM

CVE Modified by MITRE 11/06/2023 8:57:53 PM

CVE Modified by MITRE 10/03/2018 5:33:35 PM

CVE Modified by MITRE 10/10/2017 9:30:27 PM

Initial CVE Analysis 4/04/2006 3:47:00 PM

Quick Info