Mandrake Linux Security Advisory : webmin (MDKSA-2005:223)
High Nessus Plugin ID 20454
Synopsis
The remote Mandrake Linux host is missing a security update.

Description
Jack Louis discovered a format string vulnerability in the miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180 when syslog logging is enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.

Solution
Update the affected webmin package.