CVE-2005-3656

Name of the Vulnerable Software and Affected Versions mod auth pgsql versions prior to 2.0.3

Description The issue concerns multiple format string vulnerabilities in logging functions. These vulnerabilities can be exploited by remote unauthenticated attackers to execute arbitrary code when mod auth pgsql is used for user authentication against a PostgreSQL database. This can be achieved by manipulating the username variable.

Recommendations For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the logging functions until a patch is available. Avoid using user-supplied input for the username variable in the affected logging functions until the issue is resolved.