CVE-2005-3042
First published: Thu Sep 22 2005(Updated: )
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin Usermin | =1.150 | |
| Webmin | =1.2.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html
- http://www.webmin.com/changes-1.230.html
- http://www.webmin.com/uchanges-1.160.html
- http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html
- http://jvn.jp/jp/JVN%2340940493/index.html
- http://www.osvdb.org/19575
- http://secunia.com/advisories/16858
- http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:176
- http://www.novell.com/linux/security/advisories/2005_24_sr.html
- http://secunia.com/advisories/17282
- http://www.securityfocus.com/bid/14889
- http://securityreason.com/securityalert/17
- http://www.vupen.com/english/advisories/2005/1791
Frequently Asked Questions
What is the severity of CVE-2005-3042?
CVE-2005-3042 is considered a high severity vulnerability due to its ability to allow remote attackers to bypass authentication.
How do I fix CVE-2005-3042?
To fix CVE-2005-3042, upgrade to Webmin version 1.230 or Usermin version 1.160 or later.
Which versions of Webmin are affected by CVE-2005-3042?
CVE-2005-3042 affects Webmin versions prior to 1.230.
Which versions of Usermin are affected by CVE-2005-3042?
CVE-2005-3042 affects Usermin versions prior to 1.160.
What does CVE-2005-3042 exploit?
CVE-2005-3042 exploits the ability to spoof session IDs when full PAM conversations are enabled.
- agent/softwarecombine
- agent/type
- agent/references
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/usermin
- canonical/webmin usermin
- version/webmin usermin/1.150
- vendor/webmin
- canonical/webmin
- version/webmin/1.2.20