Vulnerability Description
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dave Carrigan | Auth Ldap | 1.2.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/18382 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18405 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18412 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18568 (Patch, Vendor Advisory)
- http://securitytracker.com/id?1015456
- http://www.debian.org/security/2006/dsa-952 (Patch, Vendor Advisory)
- http://www.digitalarmaments.com/2006090173928420.html (Vendor Advisory, URL Repurposed)
- http://www.redhat.com/support/errata/RHSA-2006-0179.html (Patch, Vendor Advisory)
- http://www.rudedog.org/auth_ldap/Changes.html
- http://www.securityfocus.com/archive/1/421286/100/0/threaded
- http://www.securityfocus.com/bid/16177 (Patch)
- http://www.vupen.com/english/advisories/2006/0117 (Vendor Advisory)
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24030
FAQ
What is CVE-2006-0150?
CVE-2006-0150 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the u...
How severe is CVE-2006-0150?
CVE-2006-0150 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0150?
Check the references section above for vendor advisories and patch information. Affected products include: Dave Carrigan Auth Ldap.