Gain root remotely : Webmin Session ID Spoofing

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11279

Categoría: Gain root remotely

Título: Webmin Session ID Spoofing

Resumen: NOSUMMARY

Descripción: Description:

The remote server is running a version of Webmin which is vulnerable
to Session ID spoofing.

An attacker may use this flaw to log in as admin on this host,
and basically gain full control on it

Solution : upgrade to webmin 1.070
Risk factor : High

Referencia Cruzada: BugTraq ID: 6915
Common Vulnerability Exposure (CVE) ID: CVE-2003-0101
http://www.securityfocus.com/bid/6915
Bugtraq: 20030224 GLSA: usermin (200302-14) (Google Search)
http://marc.info/?l=bugtraq&m=104610336226274&w=2
Bugtraq: 20030224 Webmin 1.050 - 1.060 remote exploit (Google Search)
http://marc.info/?l=bugtraq&m=104610245624895&w=2
Bugtraq: 20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2" (Google Search)
http://marc.info/?l=bugtraq&m=104610300325629&w=2
Computer Incident Advisory Center Bulletin: N-058
http://www.ciac.org/ciac/bulletins/n-058.shtml
Debian Security Information: DSA-319 (Google Search)
http://www.debian.org/security/2003/dsa-319
En Garde Linux Advisory: ESA-20030225-006
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
HPdes Security Advisory: HPSBUX0303-250
http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
http://www.lac.co.jp/security/english/snsadv_e/62_e.html
http://www.securitytracker.com/id?1006160
http://secunia.com/advisories/8115
http://secunia.com/advisories/8163
SGI Security Advisory: 20030602-01-I
ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
http://www.iss.net/security_center/static/11390.php

Copyright This script is Copyright (C) 2003 Renaud Deraison

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11279
Categoría:	Gain root remotely
Título:	Webmin Session ID Spoofing
Resumen:	NOSUMMARY
Descripción:	Description: The remote server is running a version of Webmin which is vulnerable to Session ID spoofing. An attacker may use this flaw to log in as admin on this host, and basically gain full control on it Solution : upgrade to webmin 1.070 Risk factor : High
Referencia Cruzada:	BugTraq ID: 6915 Common Vulnerability Exposure (CVE) ID: CVE-2003-0101 http://www.securityfocus.com/bid/6915 Bugtraq: 20030224 GLSA: usermin (200302-14) (Google Search) http://marc.info/?l=bugtraq&m=104610336226274&w=2 Bugtraq: 20030224 Webmin 1.050 - 1.060 remote exploit (Google Search) http://marc.info/?l=bugtraq&m=104610245624895&w=2 Bugtraq: 20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2" (Google Search) http://marc.info/?l=bugtraq&m=104610300325629&w=2 Computer Incident Advisory Center Bulletin: N-058 http://www.ciac.org/ciac/bulletins/n-058.shtml Debian Security Information: DSA-319 (Google Search) http://www.debian.org/security/2003/dsa-319 En Garde Linux Advisory: ESA-20030225-006 http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html HPdes Security Advisory: HPSBUX0303-250 http://archives.neohapsis.com/archives/hp/2003-q1/0063.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:025 http://www.lac.co.jp/security/english/snsadv_e/62_e.html http://www.securitytracker.com/id?1006160 http://secunia.com/advisories/8115 http://secunia.com/advisories/8163 SGI Security Advisory: 20030602-01-I ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I http://www.iss.net/security_center/static/11390.php
Copyright	This script is Copyright (C) 2003 Renaud Deraison