Mandrake Linux Security Advisory : webmin (MDKSA-2005:176)

High Nessus Plugin ID 20429


The remote Mandrake Linux host is missing a security update.

Description

Webmin 1.220, when 'full PAM conversations' is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

The updated packages have been patched to correct this issue.


Update the affected webmin package.

Plugin Details

Severity: High

ID: 20429

File Name: mandrake_MDKSA-2005-176.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2006/01/15

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:webmin, cpe:/o:mandriva:linux:2006

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/10/07

Reference Information

CVE: CVE-2005-3042

MDKSA: 2005:176