MidnightBSD

Advisories for dave_carrigan

CVE-2006-0150 HIGH

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
dave_carrigan auth_ldap 1.2.2
dave_carrigan auth_ldap 1.2.3
dave_carrigan auth_ldap 1.3.2
dave_carrigan auth_ldap 1.3.0
dave_carrigan auth_ldap 1.3.3
dave_carrigan auth_ldap 1.4.3
dave_carrigan auth_ldap 1.4.0
dave_carrigan auth_ldap 1.3.4
dave_carrigan auth_ldap 1.6.0
dave_carrigan auth_ldap 1.2.1
dave_carrigan auth_ldap 1.2.4
dave_carrigan auth_ldap 1.4.2
dave_carrigan auth_ldap 1.3.1