The MITRE CVE dictionary describes this issue as:

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.

Find out more about CVE-2005-3656 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 3 (mod_auth_pgsql) RHSA-2006:0164 2006-01-06
Red Hat Enterprise Linux version 4 (mod_auth_pgsql) RHSA-2006:0164 2006-01-06


Red Hat would like to thank iDefense for reporting this issue.