Vulnerability-Lookup

CVE-2006-0150 (GCVE-0-2006-0150)

Vulnerability from cvelistv5 – Published: 2006-01-09 23:00 – Updated: 2024-08-07 16:25

Summary

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2006/0117	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1015456	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/18412	third-party-advisoryx_refsource_SECUNIA
	http://wwwnew.mandriva.com/security/advisories?na…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/18382	third-party-advisoryx_refsource_SECUNIA
	http://www.rudedog.org/auth_ldap/Changes.html	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/421286/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/16177	vdb-entryx_refsource_BID
	http://secunia.com/advisories/18568	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2006-01…	vendor-advisoryx_refsource_REDHAT
	http://www.digitalarmaments.com/2006090173928420.html	x_refsource_MISC
	http://www.debian.org/security/2006/dsa-952	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/18405	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:25:33.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "apache-authldap-format-string(24030)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030"
          },
          {
            "name": "ADV-2006-0117",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0117"
          },
          {
            "name": "1015456",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015456"
          },
          {
            "name": "18412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18412"
          },
          {
            "name": "MDKSA-2006:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017"
          },
          {
            "name": "18382",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18382"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.rudedog.org/auth_ldap/Changes.html"
          },
          {
            "name": "20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded"
          },
          {
            "name": "16177",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16177"
          },
          {
            "name": "18568",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18568"
          },
          {
            "name": "RHSA-2006:0179",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.digitalarmaments.com/2006090173928420.html"
          },
          {
            "name": "DSA-952",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-952"
          },
          {
            "name": "18405",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18405"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "apache-authldap-format-string(24030)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030"
        },
        {
          "name": "ADV-2006-0117",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0117"
        },
        {
          "name": "1015456",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015456"
        },
        {
          "name": "18412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18412"
        },
        {
          "name": "MDKSA-2006:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017"
        },
        {
          "name": "18382",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18382"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.rudedog.org/auth_ldap/Changes.html"
        },
        {
          "name": "20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded"
        },
        {
          "name": "16177",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16177"
        },
        {
          "name": "18568",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18568"
        },
        {
          "name": "RHSA-2006:0179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.digitalarmaments.com/2006090173928420.html"
        },
        {
          "name": "DSA-952",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-952"
        },
        {
          "name": "18405",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18405"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0150",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "apache-authldap-format-string(24030)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030"
            },
            {
              "name": "ADV-2006-0117",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0117"
            },
            {
              "name": "1015456",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015456"
            },
            {
              "name": "18412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18412"
            },
            {
              "name": "MDKSA-2006:017",
              "refsource": "MANDRIVA",
              "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017"
            },
            {
              "name": "18382",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18382"
            },
            {
              "name": "http://www.rudedog.org/auth_ldap/Changes.html",
              "refsource": "CONFIRM",
              "url": "http://www.rudedog.org/auth_ldap/Changes.html"
            },
            {
              "name": "20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded"
            },
            {
              "name": "16177",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16177"
            },
            {
              "name": "18568",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18568"
            },
            {
              "name": "RHSA-2006:0179",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html"
            },
            {
              "name": "http://www.digitalarmaments.com/2006090173928420.html",
              "refsource": "MISC",
              "url": "http://www.digitalarmaments.com/2006090173928420.html"
            },
            {
              "name": "DSA-952",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-952"
            },
            {
              "name": "18405",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18405"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0150",
    "datePublished": "2006-01-09T23:00:00",
    "dateReserved": "2006-01-09T00:00:00",
    "dateUpdated": "2024-08-07T16:25:33.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"678DC013-C189-4450-83D7-7CA83978D867\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67834D84-DA08-4598-AA6F-7C2AD095AEAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DDE2D83-0427-406F-95C7-DF4E04191A0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C38EB5CF-BB53-4639-8B78-48A9115D7B69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93EB949A-CB30-4B43-A767-8BF3B19748D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B4B7D2F-8078-4602-9858-D17EADD0BCFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B1FD235-E1F6-4487-B653-7C2B8227A225\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21A3A182-E506-4259-AD0F-9F158D8CAEA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFBA6A46-7FC9-46C7-8213-121D2DE72D13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67F8E9FB-C4DF-4570-B7EE-3A85836F00C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB747406-CFC4-44AF-9862-6EDCD2D463D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B4C635C-9D6D-41A2-956F-7C1D293CF048\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dave_carrigan:auth_ldap:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"662A811A-7352-42A3-8448-9B430DC28E83\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.\"}]",
      "id": "CVE-2006-0150",
      "lastModified": "2024-11-21T00:05:46.093",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-01-09T23:03:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/18382\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/18405\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/18412\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/18568\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1015456\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-952\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.digitalarmaments.com/2006090173928420.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\", \"URL Repurposed\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0179.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.rudedog.org/auth_ldap/Changes.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/421286/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/16177\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/0117\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/24030\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/18382\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/18405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/18412\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/18568\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1015456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.digitalarmaments.com/2006090173928420.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\", \"URL Repurposed\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0179.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.rudedog.org/auth_ldap/Changes.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/421286/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/16177\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/0117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/24030\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0150\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-01-09T23:03:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"678DC013-C189-4450-83D7-7CA83978D867\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67834D84-DA08-4598-AA6F-7C2AD095AEAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DDE2D83-0427-406F-95C7-DF4E04191A0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C38EB5CF-BB53-4639-8B78-48A9115D7B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93EB949A-CB30-4B43-A767-8BF3B19748D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B4B7D2F-8078-4602-9858-D17EADD0BCFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B1FD235-E1F6-4487-B653-7C2B8227A225\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21A3A182-E506-4259-AD0F-9F158D8CAEA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFBA6A46-7FC9-46C7-8213-121D2DE72D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67F8E9FB-C4DF-4570-B7EE-3A85836F00C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB747406-CFC4-44AF-9862-6EDCD2D463D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4C635C-9D6D-41A2-956F-7C1D293CF048\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dave_carrigan:auth_ldap:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"662A811A-7352-42A3-8448-9B430DC28E83\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/18382\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18405\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18412\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18568\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1015456\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2006/dsa-952\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.digitalarmaments.com/2006090173928420.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\",\"URL Repurposed\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0179.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.rudedog.org/auth_ldap/Changes.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/421286/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/16177\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0117\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24030\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18568\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1015456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.digitalarmaments.com/2006090173928420.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"URL Repurposed\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0179.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.rudedog.org/auth_ldap/Changes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/421286/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/16177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/0117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/24030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2006-AVI-015

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le module pour Apache auth_ldap permet à un utilisateur mal intentionné d'éxecuter du code arbitraire à distance.

Description

auth_ldap permet la mise en œuvre dans Apache de l'authentification à partir d'un annuaire LDAP (Lightweight Directory Access). Un manque de contrôle du nom d'utilisateur (username) fourni lors de l'authentification permet à un utilisateur distant mal intentionné d'exécuter du code arbitraire par le biais d'un nom d'utilisateur malicieusement constitué.

Solution

La version 1.6.1 de auth_ldap corrige le problème :

http://www.rudedog.org/auth_ldap/auth_ldap-1.6.1.tar.gz

auth_ldap versions 1.6.0 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste des changements apportés dans la version 1.6.1 du 09 janvier 2006	None	vendor-advisory
Bulletin de sécurité Debian DSA-952 du 23 janvier 2006 :	-	other
Liste des changements apportés dans la version 1.6.1 :	-	other
Bulletin de sécurité Mandriva MDKSA-2006:017 du 19 janvier 2006 :	-	other
Bulletin de sécurité RedHat RHSA-2006:0179 du 10 janvier 2006	-	other
Site de l'éditeur :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eauth_ldap\u003c/TT\u003e versions 1.6.0 et  ant\u00e9rieures.",
  "content": "## Description\n\nauth_ldap permet la mise en \u0153uvre dans Apache de l\u0027authentification \u00e0\npartir d\u0027un annuaire LDAP (Lightweight Directory Access). Un manque de\ncontr\u00f4le du nom d\u0027utilisateur (username) fourni lors de\nl\u0027authentification permet \u00e0 un utilisateur distant mal intentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire par le biais d\u0027un nom d\u0027utilisateur\nmalicieusement constitu\u00e9.\n\n## Solution\n\nLa version 1.6.1 de auth_ldap corrige le probl\u00e8me :\n\n    http://www.rudedog.org/auth_ldap/auth_ldap-1.6.1.tar.gz\n",
  "cves": [
    {
      "name": "CVE-2006-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0150"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-952 du 23 janvier 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-952"
    },
    {
      "title": "Liste des changements apport\u00e9s dans la version 1.6.1 :",
      "url": "http://www.rudedog.org/auth_ldap/Changes.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:017 du 19 janvier    2006 :",
      "url": "http://wwwnew.mandriva.com/security/advisories,name=MDKSA-2006:017"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2006:0179 du 10 janvier    2006",
      "url": "http://rhn.redhat.com/errata/RHSA-2006-0179.html"
    },
    {
      "title": "Site de l\u0027\u00e9diteur :",
      "url": "http://www.rudedog.org/auth_ldap"
    }
  ],
  "reference": "CERTA-2006-AVI-015",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-01-10T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandriva et \u00e0 la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2006-01-20T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 RedHat et Debian.",
      "revision_date": "2006-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le module pour Apache auth_ldap permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027\u00e9xecuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans auth_ldap pour Apache",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements apport\u00e9s dans la version 1.6.1 du 09 janvier 2006",
      "url": null
    }
  ]
}

CERTA-2006-AVI-015

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le module pour Apache auth_ldap permet à un utilisateur mal intentionné d'éxecuter du code arbitraire à distance.

Description

Solution

La version 1.6.1 de auth_ldap corrige le problème :

http://www.rudedog.org/auth_ldap/auth_ldap-1.6.1.tar.gz

auth_ldap versions 1.6.0 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste des changements apportés dans la version 1.6.1 du 09 janvier 2006	None	vendor-advisory
Bulletin de sécurité Debian DSA-952 du 23 janvier 2006 :	-	other
Liste des changements apportés dans la version 1.6.1 :	-	other
Bulletin de sécurité Mandriva MDKSA-2006:017 du 19 janvier 2006 :	-	other
Bulletin de sécurité RedHat RHSA-2006:0179 du 10 janvier 2006	-	other
Site de l'éditeur :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eauth_ldap\u003c/TT\u003e versions 1.6.0 et  ant\u00e9rieures.",
  "content": "## Description\n\nauth_ldap permet la mise en \u0153uvre dans Apache de l\u0027authentification \u00e0\npartir d\u0027un annuaire LDAP (Lightweight Directory Access). Un manque de\ncontr\u00f4le du nom d\u0027utilisateur (username) fourni lors de\nl\u0027authentification permet \u00e0 un utilisateur distant mal intentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire par le biais d\u0027un nom d\u0027utilisateur\nmalicieusement constitu\u00e9.\n\n## Solution\n\nLa version 1.6.1 de auth_ldap corrige le probl\u00e8me :\n\n    http://www.rudedog.org/auth_ldap/auth_ldap-1.6.1.tar.gz\n",
  "cves": [
    {
      "name": "CVE-2006-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0150"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-952 du 23 janvier 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-952"
    },
    {
      "title": "Liste des changements apport\u00e9s dans la version 1.6.1 :",
      "url": "http://www.rudedog.org/auth_ldap/Changes.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:017 du 19 janvier    2006 :",
      "url": "http://wwwnew.mandriva.com/security/advisories,name=MDKSA-2006:017"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2006:0179 du 10 janvier    2006",
      "url": "http://rhn.redhat.com/errata/RHSA-2006-0179.html"
    },
    {
      "title": "Site de l\u0027\u00e9diteur :",
      "url": "http://www.rudedog.org/auth_ldap"
    }
  ],
  "reference": "CERTA-2006-AVI-015",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-01-10T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandriva et \u00e0 la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2006-01-20T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 RedHat et Debian.",
      "revision_date": "2006-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le module pour Apache auth_ldap permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027\u00e9xecuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans auth_ldap pour Apache",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements apport\u00e9s dans la version 1.6.1 du 09 janvier 2006",
      "url": null
    }
  ]
}

FKIE_CVE-2006-0150

Vulnerability from fkie_nvd - Published: 2006-01-09 23:03 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/18382	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/18405	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/18412	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/18568	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1015456
cve@mitre.org	http://www.debian.org/security/2006/dsa-952	Patch, Vendor Advisory
cve@mitre.org	http://www.digitalarmaments.com/2006090173928420.html	Vendor Advisory, URL Repurposed
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0179.html	Patch, Vendor Advisory
cve@mitre.org	http://www.rudedog.org/auth_ldap/Changes.html
cve@mitre.org	http://www.securityfocus.com/archive/1/421286/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/16177	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0117	Vendor Advisory
cve@mitre.org	http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24030
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18382	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18405	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18412	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18568	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015456
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-952	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.digitalarmaments.com/2006090173928420.html	Vendor Advisory, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0179.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.rudedog.org/auth_ldap/Changes.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/421286/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16177	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0117	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24030

Impacted products

Vendor	Product	Version
dave_carrigan	auth_ldap	1.2.1
dave_carrigan	auth_ldap	1.2.2
dave_carrigan	auth_ldap	1.2.3
dave_carrigan	auth_ldap	1.2.4
dave_carrigan	auth_ldap	1.3.0
dave_carrigan	auth_ldap	1.3.1
dave_carrigan	auth_ldap	1.3.2
dave_carrigan	auth_ldap	1.3.3
dave_carrigan	auth_ldap	1.3.4
dave_carrigan	auth_ldap	1.4.0
dave_carrigan	auth_ldap	1.4.2
dave_carrigan	auth_ldap	1.4.3
dave_carrigan	auth_ldap	1.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "678DC013-C189-4450-83D7-7CA83978D867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "67834D84-DA08-4598-AA6F-7C2AD095AEAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DDE2D83-0427-406F-95C7-DF4E04191A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38EB5CF-BB53-4639-8B78-48A9115D7B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93EB949A-CB30-4B43-A767-8BF3B19748D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4B7D2F-8078-4602-9858-D17EADD0BCFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1FD235-E1F6-4487-B653-7C2B8227A225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A3A182-E506-4259-AD0F-9F158D8CAEA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFBA6A46-7FC9-46C7-8213-121D2DE72D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67F8E9FB-C4DF-4570-B7EE-3A85836F00C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB747406-CFC4-44AF-9862-6EDCD2D463D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4C635C-9D6D-41A2-956F-7C1D293CF048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "662A811A-7352-42A3-8448-9B430DC28E83",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username."
    }
  ],
  "id": "CVE-2006-0150",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-01-09T23:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18405"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18412"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18568"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015456"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-952"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory",
        "URL Repurposed"
      ],
      "url": "http://www.digitalarmaments.com/2006090173928420.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.rudedog.org/auth_ldap/Changes.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16177"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0117"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory",
        "URL Repurposed"
      ],
      "url": "http://www.digitalarmaments.com/2006090173928420.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.rudedog.org/auth_ldap/Changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9GQ6-2MJQ-V47H

Vulnerability from github – Published: 2022-05-01 06:37 – Updated: 2022-05-01 06:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-134"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-01-09T23:03:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.",
  "id": "GHSA-9gq6-2mjq-v47h",
  "modified": "2022-05-01T06:37:48Z",
  "published": "2022-05-01T06:37:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0150"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18382"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18405"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18412"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18568"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015456"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-952"
    },
    {
      "type": "WEB",
      "url": "http://www.digitalarmaments.com/2006090173928420.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html"
    },
    {
      "type": "WEB",
      "url": "http://www.rudedog.org/auth_ldap/Changes.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16177"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0117"
    },
    {
      "type": "WEB",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

RHSA-2006_0179

Vulnerability from csaf_redhat - Published: 2006-01-10 19:32 - Updated: 2024-11-22 00:09

Summary

Red Hat Security Advisory: auth_ldap security update

Notes

Topic

An updated auth_ldap packages that fixes a format string security issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

The auth_ldap package is an httpd module that allows user authentication against information stored in an LDAP database. A format string flaw was found in the way auth_ldap logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if auth_ldap is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0150 to this issue. Note that this issue only affects servers that have auth_ldap installed and configured to perform user authentication against an LDAP database. All users of auth_ldap should upgrade to this updated package, which contains a backported patch to resolve this issue. This issue does not affect the Red Hat Enterprise Linux 3 or 4 distributions as they do not include the auth_ldap package.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated auth_ldap packages that fixes a format string security issue is\nnow available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The auth_ldap package is an httpd module that allows user authentication\nagainst information stored in an LDAP database.\n\nA format string flaw was found in the way auth_ldap logs information. It\nmay be possible for a remote attacker to execute arbitrary code as the\n\u0027apache\u0027 user if auth_ldap is used for user authentication.  The Common\nVulnerabilities and Exposures project assigned the name CVE-2006-0150\nto this issue.\n\nNote that this issue only affects servers that have auth_ldap installed and\nconfigured to perform user authentication against an LDAP database.\n\nAll users of auth_ldap should upgrade to this updated package, which\ncontains a backported patch to resolve this issue.\n\nThis issue does not affect the Red Hat Enterprise Linux 3 or 4\ndistributions as they do not include the auth_ldap package.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0179",
        "url": "https://access.redhat.com/errata/RHSA-2006:0179"
      },
      {
        "category": "external",
        "summary": "177421",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=177421"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0179.json"
      }
    ],
    "title": "Red Hat Security Advisory: auth_ldap security update",
    "tracking": {
      "current_release_date": "2024-11-22T00:09:02+00:00",
      "generator": {
        "date": "2024-11-22T00:09:02+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2006:0179",
      "initial_release_date": "2006-01-10T19:32:00+00:00",
      "revision_history": [
        {
          "date": "2006-01-10T19:32:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-01-10T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T00:09:02+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-0150",
      "discovery_date": "2006-01-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617875"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0150"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617875",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617875"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0150"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0150",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0150"
        }
      ],
      "release_date": "2006-01-09T18:36:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-01-10T19:32:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0179"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2006:0179

Vulnerability from csaf_redhat - Published: 2006-01-10 19:32 - Updated: 2025-11-21 17:29

Summary

Red Hat Security Advisory: auth_ldap security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated auth_ldap packages that fixes a format string security issue is\nnow available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The auth_ldap package is an httpd module that allows user authentication\nagainst information stored in an LDAP database.\n\nA format string flaw was found in the way auth_ldap logs information. It\nmay be possible for a remote attacker to execute arbitrary code as the\n\u0027apache\u0027 user if auth_ldap is used for user authentication.  The Common\nVulnerabilities and Exposures project assigned the name CVE-2006-0150\nto this issue.\n\nNote that this issue only affects servers that have auth_ldap installed and\nconfigured to perform user authentication against an LDAP database.\n\nAll users of auth_ldap should upgrade to this updated package, which\ncontains a backported patch to resolve this issue.\n\nThis issue does not affect the Red Hat Enterprise Linux 3 or 4\ndistributions as they do not include the auth_ldap package.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0179",
        "url": "https://access.redhat.com/errata/RHSA-2006:0179"
      },
      {
        "category": "external",
        "summary": "177421",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=177421"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0179.json"
      }
    ],
    "title": "Red Hat Security Advisory: auth_ldap security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:29:58+00:00",
      "generator": {
        "date": "2025-11-21T17:29:58+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2006:0179",
      "initial_release_date": "2006-01-10T19:32:00+00:00",
      "revision_history": [
        {
          "date": "2006-01-10T19:32:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-01-10T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:29:58+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-0150",
      "discovery_date": "2006-01-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617875"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-0150"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617875",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617875"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-0150"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0150",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0150"
        }
      ],
      "release_date": "2006-01-09T18:36:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-01-10T19:32:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0179"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

GSD-2006-0150

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-0150

Aliases

CVE-2006-0150

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0150",
    "description": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.",
    "id": "GSD-2006-0150",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-0150.html",
      "https://www.debian.org/security/2006/dsa-952",
      "https://access.redhat.com/errata/RHSA-2006:0179"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0150"
      ],
      "details": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.",
      "id": "GSD-2006-0150",
      "modified": "2023-12-13T01:19:50.515994Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-0150",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "apache-authldap-format-string(24030)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030"
          },
          {
            "name": "ADV-2006-0117",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/0117"
          },
          {
            "name": "1015456",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015456"
          },
          {
            "name": "18412",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18412"
          },
          {
            "name": "MDKSA-2006:017",
            "refsource": "MANDRIVA",
            "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017"
          },
          {
            "name": "18382",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18382"
          },
          {
            "name": "http://www.rudedog.org/auth_ldap/Changes.html",
            "refsource": "CONFIRM",
            "url": "http://www.rudedog.org/auth_ldap/Changes.html"
          },
          {
            "name": "20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded"
          },
          {
            "name": "16177",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16177"
          },
          {
            "name": "18568",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18568"
          },
          {
            "name": "RHSA-2006:0179",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html"
          },
          {
            "name": "http://www.digitalarmaments.com/2006090173928420.html",
            "refsource": "MISC",
            "url": "http://www.digitalarmaments.com/2006090173928420.html"
          },
          {
            "name": "DSA-952",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-952"
          },
          {
            "name": "18405",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18405"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0150"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-134"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.digitalarmaments.com/2006090173928420.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.digitalarmaments.com/2006090173928420.html"
            },
            {
              "name": "http://www.rudedog.org/auth_ldap/Changes.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.rudedog.org/auth_ldap/Changes.html"
            },
            {
              "name": "16177",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/16177"
            },
            {
              "name": "RHSA-2006:0179",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html"
            },
            {
              "name": "18382",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18382"
            },
            {
              "name": "18405",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18405"
            },
            {
              "name": "1015456",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015456"
            },
            {
              "name": "DSA-952",
              "refsource": "DEBIAN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.debian.org/security/2006/dsa-952"
            },
            {
              "name": "MDKSA-2006:017",
              "refsource": "MANDRIVA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017"
            },
            {
              "name": "18412",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18412"
            },
            {
              "name": "18568",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18568"
            },
            {
              "name": "ADV-2006-0117",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0117"
            },
            {
              "name": "apache-authldap-format-string(24030)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030"
            },
            {
              "name": "20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T15:42Z",
      "publishedDate": "2006-01-09T23:03Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-0150 (GCVE-0-2006-0150)

CERTA-2006-AVI-015

Description

Solution

CERTA-2006-AVI-015

Description

Solution

FKIE_CVE-2006-0150

GHSA-9GQ6-2MJQ-V47H

RHSA-2006_0179

RHSA-2006:0179

GSD-2006-0150

Tags

Sightings

Nomenclature