VID | 22405
Severity | 40
Port | 10000
Protocol | TCP
Class | WWW
Detailed Description |
The Webmin/Usermin web interface is vulnerable to a Session ID spoofing vulnerability. Webmin is a web-based system administration tool for Unix and Linux operating systems, and Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Webmin versions prior to 1.070 and Usermin versions prior to 1.000 could allow a remote attacker to spoof a Session ID (SID) and gain root privileges. The miniserv.pl script in the Webmin/Usermin package does not properly handle metacharacters, such as CRLF (Carriage Return - Line Feed) sequences, in the Base64-encoded strings used for Basic authentication. If the "password timeouts" option is enabled and a valid username is known, a remote attacker could spoof a Session ID by supplying a Base64-encoded authentication string containing CRLF sequences, bypass authentication, and execute arbitrary commands on the affected host with root privileges.
* References:
  - http://www.securityfocus.com/archive/1/312911
  - http://www.securiteam.com/unixfocus/5TP092A75Q.html
  - http://secunia.com/advisories/8115/
* Platforms Affected:
  - Usermin Project, Usermin versions prior to 1.000
  - Webmin Project, Webmin versions prior to 1.070
  - Unix, any version
  - Linux, any version |
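The record above describes a Basic-authentication credential whose Base64 token, or whose decoded contents, carries CRLF sequences that the server then trusts. The following is an added example (not code from Webmin or Usermin, whose miniserv.pl internals the record does not show) of how an HTTP service can parse the `Authorization: Basic` header defensively: it rejects non-alphabet characters in the encoded token and any control character in the decoded credential before the username is used for session handling. The function and sample credentials are constructed for illustration.

```python
import base64
import binascii
import re

# Control characters (including CR, LF and NUL) that must never appear
# inside a decoded Basic-auth credential. A credential decoding to
# "alice\r\n..." is the shape of input the advisory above describes.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def parse_basic_auth(header_value: str):
    """Parse an HTTP 'Authorization: Basic <b64>' header value.

    Returns (username, password) on success, or None when the header is
    malformed or the decoded credential contains control characters.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        # validate=True rejects any character outside the Base64 alphabet,
        # so a literal CR/LF embedded in the encoded token is refused here
        # instead of being silently skipped by a lenient decoder.
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        decoded = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    # Check the decoded string as a whole before it is split or written
    # into a session store, log line or file.
    if _CONTROL_CHARS.search(decoded):
        return None
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def demo():
    # Constructed samples: a normal credential and one carrying CRLF.
    good = "Basic " + base64.b64encode(b"alice:s3cret").decode()
    crlf = "Basic " + base64.b64encode(b"alice\r\nrole=admin:x").decode()
    return parse_basic_auth(good), parse_basic_auth(crlf)


if __name__ == "__main__":
    print(demo())
```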
Recommendation |
Upgrade to the latest version of Webmin or Usermin (Webmin 1.070 or later, Usermin 1.000 or later), available from the Webmin Web site at http://www.webmin.com/webmin/
For HP-UX 11.00, 11.11, 11.20, and 11.22: Upgrade to the version of webmin with the security fix, as listed in Hewlett-Packard Company Security Bulletin HPSBUX0303-250 at http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
For other distributions: Contact your vendor for upgrade or patch information. |
Related URL | CVE-2003-0101 (CVE)
Related URL | 6915 (SecurityFocus)
Related URL | 11390 (ISS)