CVE-2005-3042
First published: Thu Sep 22 2005(Updated: )
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Usermin Usermin | =1.150 | |
| Webmin Webmin | =1.2.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html
- http://www.webmin.com/changes-1.230.html
- http://www.webmin.com/uchanges-1.160.html
- http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html
- http://jvn.jp/jp/JVN%2340940493/index.html
- http://www.osvdb.org/19575
- http://secunia.com/advisories/16858
- http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:176
- http://www.novell.com/linux/security/advisories/2005_24_sr.html
- http://secunia.com/advisories/17282
- http://www.securityfocus.com/bid/14889
- http://securityreason.com/securityalert/17
- http://www.vupen.com/english/advisories/2005/1791
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/references
- agent/description
- agent/remedy
- agent/weakness
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/usermin
- canonical/usermin usermin
- version/usermin usermin/1.150
- vendor/webmin
- canonical/webmin webmin
- version/webmin webmin/1.2.20