• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Dave Carrigan Auth_LDAP Remote Format String Vulnerability

Dave Carrigan's auth_ldap is susceptible to a remote format-string vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in the format-specifier of a formatted printing function.

This issue likely arises only if auth_ldap has been enabled and is used for user authentication.

This issue allows remote attackers to execute arbitrary machine code in the context of Apache webservers that use the affected module. This may facilitate the compromise of affected computers.