Mandrake Linux Security Advisory : webmin (MDKSA-2003:025)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Cintia M. Imanishi discovered a vulnerability in miniserv.pl, the
core server of webmin. The vulnerability allows an attacker to spoof
a session ID by including special metacharacters in the
Base64-encoded string used during the authentication process. This
could allow an attacker to gain full administrative access to webmin.

MandrakeSoft encourages all users to upgrade immediately.

See also :

http://marc.info/?l=webmin-announce&m=104587858408101&w=2

Solution :

Update the affected webmin package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14009 (mandrake_MDKSA-2003-025.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0101
