Companies running a popular open-source database on Apache servers run the risk of falling victim to a critical security flaw.
The flaw affects firms running Apache with a PostgreSQL database, potentially allowing remote attackers to compromise systems.
Open-source software company Red Hat warned of the flaw and issued a patch to prevent users falling victim to the vulnerability in the mod_auth_pgsql module.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
This module allows Apache users to authenticate information held in the open-source PostgreSQL database.
Security software companies including iDefense and Secunia have discovered several format string flaws in the way mod_auth_pgsql logs information. The flaws could allow unauthenticated remote attackers to execute malicious code using the same privileges held by the Apache user.
Other open-source software companies, including Ubuntu and Mandriva, have also issued patches against the problem.
Apache is the most widely used server software on the internet.