CVE Reference: CAN-2005-1121
Version(s): 1.5.23 and prior versions

Description: A format string vulnerability was reported in Oops! A remote user may be able to execute arbitrary code.

The passwd_mysql/passwd_pgsql module auth() function contains a call to the my_xlog() function that does not include a format string specifier. A remote user can supply a specially crafted HTTP request to trigger the vulnerability and cause the service to crash or execute arbitrary code.

A demonstration exploit request is provided:

    GET http://%s%s%s%s%s%s%s%s/ HTTP/1.0
    Host: ghc.ru
    Proxy-Authorization: Basic Z2hjOnJzdA==

The flaw resides in 'passwd_sql.c'.

Edisan from RST/GHC reported this vulnerability.

Impact: A remote user can cause the service to crash or execute arbitrary code.

Solution: A patch is available at: http://zipper.paco.net/~igor/oops/diff_from_1.5.23.patch.gz
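The defect class described in the advisory and its correction, as an added example that is not code from Oops! or from the reporter. xlog(), log_line and both log_auth_failure functions are hypothetical stand-ins for a printf-style logger and its caller; the real my_xlog() signature is assumed, not quoted.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger (NOT Oops! code). It formats into a
   buffer instead of a log file so the result can be inspected. */
static char log_line[256];

/* The format attribute lets gcc/clang check callers: with
   -Wformat -Wformat-security, a call such as xlog(url) is reported. */
static int xlog(const char *fmt, ...)
#if defined(__GNUC__)
    __attribute__((format(printf, 1, 2)))
#endif
    ;

static int xlog(const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(log_line, sizeof log_line, fmt, ap);
    va_end(ap);
    return n; /* length the full message needs; log_line stays NUL-terminated */
}

#if 0 /* Defect class: calling this is undefined behaviour, so it is not compiled. */
static int log_auth_failure_unsafe(const char *url)
{
    /* Request data is used AS the format string: each conversion
       specifier in it consumes an argument that was never passed. */
    return xlog(url);
}
#endif

/* Corrected form: constant format string, request data only as an argument. */
static int log_auth_failure(const char *url)
{
    return xlog("auth failed for %s", url);
}

int main(void)
{
    /* URL taken from the request shown in the advisory; it is logged verbatim. */
    log_auth_failure("http://%s%s%s%s%s%s%s%s/");
    puts(log_line);
    return 0;
}
```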
net-proxy please advise.
bug confirmed. I've bumped version to the current 1.5.24 pre-release and marked as stable on x86.
sparc done.
GLSA 200505-02, thanks everyone!