Apache database open to remote attack


Apache database open to remote attack

Antony Savvas

Companies running a popular open-source database on Apache servers run the risk of falling victim to a critical security flaw.

The flaw affects firms running Apache with a PostgreSQL database, potentially allowing remote attackers to compromise systems.

Open-source software company Red Hat warned of the flaw and issued a patch to prevent users falling victim to the vulnerability in the mod_auth_pgsql module.

This module allows Apache users to authenticate information held in the open-source PostgreSQL database.

Security software companies including iDefense and Secunia have discovered several format string flaws in the way mod_auth_pgsql logs information. The flaws could allow unauthenticated remote attackers to execute malicious code using the same privileges held by the Apache user.

Other open-source software companies, including Ubuntu and Mandriva, have also issued patches against the problem.

Apache is the most widely used server software on the internet.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy