Rapid7 Vulnerability & Exploit Database

CESA-2006:0164: mod_auth_pgsql security update

Free InsightVM Trial No credit card necessary
Watch Demo See how it all works
Back to Search

CESA-2006:0164: mod_auth_pgsql security update



Updated mod_auth_pgsql packages that fix format string security issues are now available for CentOS Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.

The mod_auth_pgsql package is an httpd module that allows user authentication against information stored in a PostgreSQL database. Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. All users of mod_auth_pgsql should upgrade to these updated packages, which contain a backported patch to resolve this issue. This issue does not affect the mod_auth_pgsql package supplied with CentOS Enterprise Linux 2.1. CentOS would like to thank iDefense for reporting this issue.


  • centos-upgrade-mod_auth_pgsql

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center