Mandrake Linux Security Advisory : webmin (MDKSA-2006:170-1)
Medium Nessus Plugin ID 24556
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ('%00') character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
Updated packages have been patched to correct this issue.
Packages are now available for Mandriva Linux 2007.
Solution
Update the affected webmin package.