Mandrake Linux Security Advisory : webmin (MDKSA-2005:176)
High Nessus Plugin ID 20429
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionMiniserv.pl in Webmin 1.220, when 'full PAM conversations' is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
The updated packages have been patched to correct this issues.
SolutionUpdate the affected webmin package.