Debian Security Advisory DSA 952-1 (libapache-auth-ldap) Network Vulnerability

Summary

The remote host is missing an update to libapache-auth-ldap announced via advisory DSA 952-1. Seregorn discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code. For the old stable distribution (woody) this problem has been fixed in version 1.6.0-3.1.

Solution

For the stable distribution (sarge) this problem has been fixed in version 1.6.0-8.1 The unstable distribution (sid) does no longer contain libapache-auth-ldap. We recommend that you upgrade your libapache-auth-ldap package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20952-1

Severity

Classification

CVE CVE-2006-0150
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1026-1 (sash)
Debian Security Advisory DSA 098-1 (libgtop)
Debian Security Advisory DSA 100-1 (gzip)
Debian Security Advisory DSA 106-1 (rsync)
Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)

Take action and discover your vulnerabilities