Apache database open to remote attack
Companies running a popular open-source database on Apache servers run the risk of falling victim to a critical security flaw.
Companies running a popular open-source database on Apache servers run the risk of falling victim to a critical security flaw.
The flaw affects firms running Apache with a PostgreSQL database, potentially allowing remote attackers to compromise systems.
Open-source software company Red Hat warned of the flaw and issued a patch to prevent users falling victim to the vulnerability in the mod_auth_pgsql module.
This module allows Apache users to authenticate information held in the open-source PostgreSQL database.
Security software companies including iDefense and Secunia have discovered several format string flaws in the way mod_auth_pgsql logs information. The flaws could allow unauthenticated remote attackers to execute malicious code using the same privileges held by the Apache user.
Other open-source software companies, including Ubuntu and Mandriva, have also issued patches against the problem.
Apache is the most widely used server software on the internet.