
Test ID: 1.3.6.1.4.1.25623.1.0.50690
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2003:025 (webmin)
Summary: NOSUMMARY
Description:

The remote host is missing an update to webmin
announced via advisory MDKSA-2003:025.

A vulnerability was discovered in webmin by Cintia M. Imanishi, in the
miniserv.pl program, which is the core server of webmin. This
vulnerability allows an attacker to spoof a session ID by including
special metacharacters in the BASE64 encoding string used during the
authentication process. This could allow an attacker to gain full
administrative access to webmin.

MandrakeSoft encourages all users to upgrade immediately.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0,
Single Network Firewall 7.2


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0101
http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2

Risk factor : Critical

CVSS Score: 10.0

Cross-Ref: BugTraq ID: 6915
Common Vulnerability Exposure (CVE) ID: CVE-2003-0101
http://www.securityfocus.com/bid/6915
Bugtraq: 20030224 GLSA: usermin (200302-14)
http://marc.info/?l=bugtraq&m=104610336226274&w=2
Bugtraq: 20030224 Webmin 1.050 - 1.060 remote exploit
http://marc.info/?l=bugtraq&m=104610245624895&w=2
Bugtraq: 20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
http://marc.info/?l=bugtraq&m=104610300325629&w=2
Computer Incident Advisory Center Bulletin: N-058
http://www.ciac.org/ciac/bulletins/n-058.shtml
Debian Security Information: DSA-319
http://www.debian.org/security/2003/dsa-319
En Garde Linux Advisory: ESA-20030225-006
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
HPdes Security Advisory: HPSBUX0303-250
http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
http://www.lac.co.jp/security/english/snsadv_e/62_e.html
http://www.securitytracker.com/id?1006160
http://secunia.com/advisories/8115
http://secunia.com/advisories/8163
SGI Security Advisory: 20030602-01-I
ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
http://www.iss.net/security_center/static/11390.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
