aru Posted January 20, 2006 Report Share Posted January 20, 2006 Mandriva Advisories MDKSA-2006:017 : mod_auth_ldap Updated mod_auth_ldap packages fix vulnerability January 19th, 2006 A format string flaw was discovered in the way that auth_ldap logs information which may allow a remote attacker to execute arbitrary code as the apache user if auth_ldap is used for authentication. This update provides version 1.6.1 of auth_ldap which corrects the problem.Only Corporate Server 2.1 shipped with a supported auth_ldap package. The released versions of Mandriva GNU/Linux affected are: CS2.1Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0150 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts