Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username. This vulnerability affects mod_auth_pgsql for Apache2, most likely in all Linux and UNIX environments. This vulnerability affects all versions of mod_auth_pgsql before 2.0.3
Publication date: Sat, 31 Dec 2005 11:00:00 +0000