Advisories
Mandriva Advisories
|
Problem Description |
Miniserv.pl in Webmin 1.220, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
The updated packages have been patched to correct this issues.
Updated Packages |
Mandrivalinux 2006
a848ccbf6344438775ec1304879aef4d 2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm bd414e303f86c49a7544a9b8bb99d4a9 2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm
Mandrivalinux 2006/X86_64
c9aa3f93679c4aa22d0d56843315bb13 x86_64/2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm bd414e303f86c49a7544a9b8bb99d4a9 x86_64/2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm
References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3042
Upgrade |
To upgrade automatically, use MandrakeUpdate.
Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.