CVE-2003-0101
First published: Wed Feb 26 2003(Updated: )
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Usermin Usermin | =0.91 | |
| Usermin Usermin | =0.9 | |
| Webmin Webmin | =1.0.60 | |
| Usermin Usermin | =0.8 | |
| Usermin Usermin | =0.97 | |
| Usermin Usermin | =0.99 | |
| Usermin Usermin | =0.6 | |
| Usermin Usermin | =0.96 | |
| Usermin Usermin | =0.5 | |
| Usermin Usermin | =0.7 | |
| Usermin Usermin | =0.4 | |
| Usermin Usermin | =0.93 | |
| Usermin Usermin | =0.94 | |
| Usermin Usermin | =0.95 | |
| Usermin Usermin | =0.98 | |
| Engardelinux Guardian Digital Webtool | =1.2 | |
| Usermin Usermin | =0.92 | |
| Webmin Webmin | =1.0.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.iss.net/security_center/static/11390.php
- http://www.lac.co.jp/security/english/snsadv_e/62_e.html
- http://www.debian.org/security/2003/dsa-319
- http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
- http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
- http://www.ciac.org/ciac/bulletins/n-058.shtml
- http://www.securityfocus.com/bid/6915
- http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
- http://secunia.com/advisories/8115
- http://secunia.com/advisories/8163
- http://www.securitytracker.com/id?1006160
- http://marc.info/?l=webmin-announce&m=104587858408101&w=2
- http://marc.info/?l=bugtraq&m=104610336226274&w=2
- http://marc.info/?l=bugtraq&m=104610245624895&w=2
- http://marc.info/?l=bugtraq&m=104610300325629&w=2
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/usermin
- canonical/usermin usermin
- version/usermin usermin/0.91
- version/usermin usermin/0.9
- vendor/webmin
- canonical/webmin webmin
- version/webmin webmin/1.0.60
- version/usermin usermin/0.8
- version/usermin usermin/0.97
- version/usermin usermin/0.99
- version/usermin usermin/0.6
- version/usermin usermin/0.96
- version/usermin usermin/0.5
- version/usermin usermin/0.7
- version/usermin usermin/0.4
- version/usermin usermin/0.93
- version/usermin usermin/0.94
- version/usermin usermin/0.95
- version/usermin usermin/0.98
- vendor/engardelinux
- canonical/engardelinux guardian digital webtool
- version/engardelinux guardian digital webtool/1.2
- version/usermin usermin/0.92
- version/webmin webmin/1.0.50