CVE-2005-3912
First published: Wed Nov 30 2005(Updated: )
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin | >=1.100<1.180 | |
| Webmin | >=1.200<1.250 | |
| Debian | =3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html
- http://www.dyadsecurity.com/webmin-0001.html
- http://www.webmin.com/security.html
- http://www.webmin.com/changes-1.250.html
- http://www.webmin.com/uchanges-1.180.html
- http://secunia.com/advisories/17749
- http://secunia.com/advisories/17817
- http://secunia.com/advisories/17878
- http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml
- http://www.novell.com/linux/security/advisories/2005_30_sr.html
- http://secunia.com/advisories/18101
- http://secunia.com/advisories/17942
- http://www.debian.org/security/2006/dsa-1199
- http://secunia.com/advisories/22556
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:223
- http://www.vupen.com/english/advisories/2005/2660
- http://www.securityfocus.com/archive/1/418093/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-3912?
CVE-2005-3912 has a medium severity rating due to its potential for denial of service and arbitrary code execution.
How do I fix CVE-2005-3912?
To fix CVE-2005-3912, upgrade Webmin to version 1.250 or higher and Usermin to version 1.180 or higher.
What systems are affected by CVE-2005-3912?
CVE-2005-3912 affects Webmin versions prior to 1.250 and Usermin versions prior to 1.180.
Can CVE-2005-3912 be exploited remotely?
Yes, CVE-2005-3912 can be exploited remotely by attackers who can manipulate username format string specifiers.
What consequences can result from CVE-2005-3912 exploitation?
Exploitation of CVE-2005-3912 can lead to a denial of service, crashing the server or consuming excessive memory, and potentially executing arbitrary code.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/webmin
- vendor/debian
- vendor/debian linux
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/webmin
- version/webmin/1.100
- version/webmin/1.200
- canonical/debian
- version/debian/3.1