Info

Disclosure

Sep 20, 2005

Discovery

Sep 04, 2005

Dates

Exploit

Unknown

Solution

Sep 20, 2005

Description

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 1.160 of Usermin, 1.230 of Webmin or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Security Tracker: 1014950 1014951
Secunia Advisory ID: 16858 16940 17282
SCIP VulDB ID: 1755
CVE ID: 2005-3042 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html
Vendor Specific Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Oct/0007.html
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml
Vendor URL: http://www.webmin.com/
Keyword: SNS Advisory No.83

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/19575