Release Date: Dec 24, 2011
Severity: high
Impact: System Compromise: Remote attackers can gain control of vulnerable systems.
Description: This indicates an attempt to exploit a Format String vulnerability in Apache auth_ldap. The vulnerability is caused by an input validation error in the "auth_ldap_log_reason" function. It allows remote attackers to execute arbitrary code via a maliciously crafted username.
Affected Products: Apache auth_ldap 1.6.0 and earlier versions
Recommended Actions: Upgrade to auth_ldap (1.6.1 or later), available from the web site below: http://www.rudedog.org/auth_ldap/Changes.html
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2006-0150
References: http://www.securityfocus.com/bid/16177 (BugTraq)