Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:170-1 (webmin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57606

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:170-1 (webmin)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to webmin
announced via advisory MDKSA-2006:170-1.

Webmin before 1.296 and Usermin before 1.226 does not properly handle a
URL with a null (%00) character, which allows remote attackers to
conduct cross-site scripting (XSS), read CGI program source code, list
directories, and possibly execute programs.

Updated packages have been patched to correct this issue.

Update:

Packages are now available for Mandriva Linux 2007.

Affected: 2007.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:170-1

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-4542
BugTraq ID: 19820
http://www.securityfocus.com/bid/19820
Debian Security Information: DSA-1199 (Google Search)
http://www.debian.org/security/2006/dsa-1199
http://jvn.jp/jp/JVN%2399776858/index.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:170
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html
http://www.osvdb.org/28337
http://www.osvdb.org/28338
http://securitytracker.com/id?1016776
http://securitytracker.com/id?1016777
http://secunia.com/advisories/21690
http://secunia.com/advisories/22087
http://secunia.com/advisories/22114
http://secunia.com/advisories/22556
http://www.vupen.com/english/advisories/2006/3424
XForce ISS Database: webmin-usermin-source-disclosure(28699)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28699

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57606
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:170-1 (webmin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to webmin announced via advisory MDKSA-2006:170-1. Webmin before 1.296 and Usermin before 1.226 does not properly handle a URL with a null (%00) character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. Updated packages have been patched to correct this issue. Update: Packages are now available for Mandriva Linux 2007. Affected: 2007.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:170-1 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4542 BugTraq ID: 19820 http://www.securityfocus.com/bid/19820 Debian Security Information: DSA-1199 (Google Search) http://www.debian.org/security/2006/dsa-1199 http://jvn.jp/jp/JVN%2399776858/index.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html http://www.osvdb.org/28337 http://www.osvdb.org/28338 http://securitytracker.com/id?1016776 http://securitytracker.com/id?1016777 http://secunia.com/advisories/21690 http://secunia.com/advisories/22087 http://secunia.com/advisories/22114 http://secunia.com/advisories/22556 http://www.vupen.com/english/advisories/2006/3424 XForce ISS Database: webmin-usermin-source-disclosure(28699) https://exchange.xforce.ibmcloud.com/vulnerabilities/28699
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com