CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
96.1%
CentOS Errata and Security Advisory CESA-2006:0179-01
The auth_ldap package is an httpd module that allows user authentication
against information stored in an LDAP database.
A format string flaw was found in the way auth_ldap logs information. It
may be possible for a remote attacker to execute arbitrary code as the
‘apache’ user if auth_ldap is used for user authentication. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0150
to this issue.
Note that this issue only affects servers that have auth_ldap installed and
configured to perform user authentication against an LDAP database.
All users of auth_ldap should upgrade to this updated package, which
contains a backported patch to resolve this issue.
This issue does not affect the Red Hat Enterprise Linux 3 or 4
distributions as they do not include the auth_ldap package.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-January/074740.html
Affected packages:
auth_ldap
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | auth_ldap | < 1.4.8-3.1 | auth_ldap-1.4.8-3.1.i386.rpm |