Apache database open to remote attack

Companies running a popular open-source database on Apache servers run the risk of falling victim to a critical security flaw.

The flaw affects firms running Apache with a PostgreSQL database, potentially allowing remote attackers to compromise systems.

Open-source software company Red Hat warned of the flaw and issued a patch to prevent users falling victim to the vulnerability in the mod_auth_pgsql module.

This module allows Apache users to authenticate information held in the open-source PostgreSQL database.

Security software companies including iDefense and Secunia have discovered several format string flaws in the way mod_auth_pgsql logs information. The flaws could allow unauthenticated remote attackers to execute malicious code using the same privileges held by the Apache user.

Other open-source software companies, including Ubuntu and Mandriva, have also issued patches against the problem.

Apache is the most widely used server software on the internet.