Advisories

Mandriva Advisories

Package name	webmin
Date	October 7th, 2005
Advisory ID	MDKSA-2005:176
Affected versions	2006.0
Synopsis	Updated webmin package fixes authentication bypass vulnerability

Problem Description

Miniserv.pl in Webmin 1.220, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

The updated packages have been patched to correct this issues.

Updated Packages

Mandrivalinux 2006

a848ccbf6344438775ec1304879aef4d  2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm
bd414e303f86c49a7544a9b8bb99d4a9  2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm

Mandrivalinux 2006/X86_64

c9aa3f93679c4aa22d0d56843315bb13  x86_64/2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm
bd414e303f86c49a7544a9b8bb99d4a9  x86_64/2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3042

Upgrade

To upgrade automatically, use MandrakeUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

http://frontal2.mandriva.com/security/advisories

Short link:

http://frontal2.mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer