Mandrake Linux Security Advisory : webmin (MDKSA-2006:125)
Medium Nessus Plugin ID 23876
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionWebmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files. NOTE: This is a different issue than CVE-2006-3274.
Updated packages have been patched to correct this issue.
SolutionUpdate the affected webmin package.