CVE-2003-0101
First published: Wed Feb 26 2003(Updated: )
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin Usermin | =0.91 | |
| Webmin Usermin | =0.9 | |
| Webmin | =1.0.60 | |
| Webmin Usermin | =0.8 | |
| Webmin Usermin | =0.97 | |
| Webmin Usermin | =0.99 | |
| Webmin Usermin | =0.6 | |
| Webmin Usermin | =0.96 | |
| Webmin Usermin | =0.5 | |
| Webmin Usermin | =0.7 | |
| Webmin Usermin | =0.4 | |
| Webmin Usermin | =0.93 | |
| Webmin Usermin | =0.94 | |
| Webmin Usermin | =0.95 | |
| Webmin Usermin | =0.98 | |
| Engardelinux Guardian Digital | =1.2 | |
| Webmin Usermin | =0.92 | |
| Webmin | =1.0.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.iss.net/security_center/static/11390.php
- http://www.lac.co.jp/security/english/snsadv_e/62_e.html
- http://www.debian.org/security/2003/dsa-319
- http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
- http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
- http://www.ciac.org/ciac/bulletins/n-058.shtml
- http://www.securityfocus.com/bid/6915
- http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
- http://secunia.com/advisories/8115
- http://secunia.com/advisories/8163
- http://www.securitytracker.com/id?1006160
- http://marc.info/?l=webmin-announce&m=104587858408101&w=2
- http://marc.info/?l=bugtraq&m=104610336226274&w=2
- http://marc.info/?l=bugtraq&m=104610245624895&w=2
- http://marc.info/?l=bugtraq&m=104610300325629&w=2
Frequently Asked Questions
What is the severity of CVE-2003-0101?
CVE-2003-0101 is considered a critical vulnerability due to the potential for remote attackers to gain root privileges.
How do I fix CVE-2003-0101?
To fix CVE-2003-0101, update Webmin to version 1.070 or Usermin to version 1.000 or later.
What software is affected by CVE-2003-0101?
CVE-2003-0101 affects Webmin versions prior to 1.070 and Usermin versions prior to 1.000.
What attack vector is leveraged by CVE-2003-0101?
CVE-2003-0101 is exploited through improperly handled metacharacters in Base-64 encoded strings during Basic authentication.
Can CVE-2003-0101 be exploited remotely?
Yes, CVE-2003-0101 can be exploited remotely, allowing attackers to spoof session IDs.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/usermin
- canonical/webmin usermin
- version/webmin usermin/0.91
- version/webmin usermin/0.9
- vendor/webmin
- canonical/webmin
- version/webmin/1.0.60
- version/webmin usermin/0.8
- version/webmin usermin/0.97
- version/webmin usermin/0.99
- version/webmin usermin/0.6
- version/webmin usermin/0.96
- version/webmin usermin/0.5
- version/webmin usermin/0.7
- version/webmin usermin/0.4
- version/webmin usermin/0.93
- version/webmin usermin/0.94
- version/webmin usermin/0.95
- version/webmin usermin/0.98
- vendor/engardelinux
- canonical/engardelinux guardian digital
- version/engardelinux guardian digital/1.2
- version/webmin usermin/0.92
- version/webmin/1.0.50