CVE-2006-0150

NameCVE-2006-0150
DescriptionMultiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-952-1
NVD severityhigh (attack range: remote)
Debian Bugs347416
Debian/oldoldstablenot known to be vulnerable.
Debian/oldstablenot known to be vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libapache-auth-ldapsource(unstable)(unfixed)high347416
libapache-auth-ldapsourcesarge1.6.0-8.1highDSA-952-1
libapache-auth-ldapsourcewoody1.6.0-3.1highDSA-952-1

Search for package or bug name: Reporting problems