| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.6 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in mod_auth_pgsql 0.9.5/0.9.6/2.0.3 and classified as problematic. This affects an unknown part of the component Log Handler. The manipulation leads to format string. This vulnerability is traded as CVE-2005-3656. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.
Details
A vulnerability was found in mod_auth_pgsql 0.9.5/0.9.6/2.0.3 and classified as critical. This issue affects an unknown part of the component Log Handler. The manipulation with an unknown input leads to a format string vulnerability. Using CWE to declare the problem leads to CWE-134. The product uses a function that accepts a format string as an argument, but the format string originates from an external source. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.
The weakness was shared 01/06/2006 by Sparfell with iDEFENSE as Bug 177042 as not defined bug report (Bugzilla). The advisory is shared at bugzilla.redhat.com. The identification of this vulnerability is CVE-2005-3656 since 11/18/2005. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 21887 (CentOS 3 / 4 : mod_auth_pgsql (CESA-2006:0164)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CentOS Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 117763 (CentOS Security Update for mod_auth_pgsql (CESA-2006:0164)).
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at giuseppetanzilli.it. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 4 days after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 16198. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8669.
The vulnerability is also documented in the databases at X-Force (24003), Tenable (21887), SecurityFocus (BID 16153†), OSVDB (22259†) and Secunia (SA18403†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.6
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Format stringCWE: CWE-134 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 21887
Nessus Name: CentOS 3 / 4 : mod_auth_pgsql (CESA-2006:0164)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 56115
OpenVAS Name: Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
Exposure Time: 🔍
Patch: giuseppetanzilli.it
Snort ID: 16198
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
11/18/2005 🔍12/31/2005 🔍
12/31/2005 🔍
01/06/2006 🔍
01/06/2006 🔍
01/06/2006 🔍
01/06/2006 🔍
01/10/2006 🔍
01/10/2006 🔍
01/10/2006 🔍
01/11/2006 🔍
07/03/2006 🔍
06/29/2025 🔍
Sources
Advisory: Bug 177042Researcher: Sparfell
Organization: iDEFENSE
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2005-3656 (🔍)
GCVE (CVE): GCVE-0-2005-3656
GCVE (VulDB): GCVE-100-1949
OVAL: 🔍
X-Force: 24003
SecurityFocus: 16153 - Apache mod_auth_pgsql Multiple Format String Vulnerabilities
Secunia: 18403 - Gentoo update for mod_auth_pgsql, Highly Critical
OSVDB: 22259 - mod_auth_pgsql for Apache HTTP Server Log Function Format String
SecurityTracker: 1015446 - mod_auth_pgsql Format String Bugs Let Remote Users Execute Arbitrary Code
Vulnerability Center: 10129 - mod_auth_pgsql for Apache2 Format String Vulnerabilities, Medium
Vupen: ADV-2006-0070
Entry
Created: 01/10/2006 12:13Updated: 06/29/2025 00:44
Changes: 01/10/2006 12:13 (91), 01/11/2019 12:14 (13), 03/12/2021 10:01 (2), 06/29/2025 00:44 (18)
Complete: 🔍
Cache ID: 216:1E3:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.