Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200608-11 (webmin/usermin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57861

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200608-11 (webmin/usermin)

Resumen: The remote host is missing updates announced in;advisory GLSA 200608-11.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200608-11.

Vulnerability Insight:
Webmin and Usermin are vulnerable to an arbitrary file disclosure through a
specially crafted URL.

Solution:
All Webmin users should update to the latest stable version:

# emerge --sync
# emerge --ask --verbose --oneshot '>=app-admin/webmin-1.290'

All Usermin users should update to the latest stable version:

# emerge --sync
# emerge --ask --verbose --oneshot '>=app-admin/usermin-1.220'

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-3392
BugTraq ID: 18744
http://www.securityfocus.com/bid/18744
Bugtraq: 20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit (Google Search)
http://www.securityfocus.com/archive/1/439653/100/0/threaded
Bugtraq: 20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit (Google Search)
http://www.securityfocus.com/archive/1/440125/100/0/threaded
http://www.securityfocus.com/archive/1/440466/100/0/threaded
Bugtraq: 20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl (Google Search)
http://www.securityfocus.com/archive/1/440493/100/0/threaded
CERT/CC vulnerability note: VU#999601
http://www.kb.cert.org/vuls/id/999601
Debian Security Information: DSA-1199 (Google Search)
http://www.debian.org/security/2006/dsa-1199
http://security.gentoo.org/glsa/glsa-200608-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:125
http://www.osvdb.org/26772
http://secunia.com/advisories/20892
http://secunia.com/advisories/21105
http://secunia.com/advisories/21365
http://secunia.com/advisories/22556
http://attrition.org/pipermail/vim/2006-June/000912.html
http://attrition.org/pipermail/vim/2006-July/000923.html
http://www.vupen.com/english/advisories/2006/2612

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57861
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200608-11 (webmin/usermin)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200608-11.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200608-11. Vulnerability Insight: Webmin and Usermin are vulnerable to an arbitrary file disclosure through a specially crafted URL. Solution: All Webmin users should update to the latest stable version: # emerge --sync # emerge --ask --verbose --oneshot '>=app-admin/webmin-1.290' All Usermin users should update to the latest stable version: # emerge --sync # emerge --ask --verbose --oneshot '>=app-admin/usermin-1.220' CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3392 BugTraq ID: 18744 http://www.securityfocus.com/bid/18744 Bugtraq: 20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit (Google Search) http://www.securityfocus.com/archive/1/439653/100/0/threaded Bugtraq: 20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit (Google Search) http://www.securityfocus.com/archive/1/440125/100/0/threaded http://www.securityfocus.com/archive/1/440466/100/0/threaded Bugtraq: 20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl (Google Search) http://www.securityfocus.com/archive/1/440493/100/0/threaded CERT/CC vulnerability note: VU#999601 http://www.kb.cert.org/vuls/id/999601 Debian Security Information: DSA-1199 (Google Search) http://www.debian.org/security/2006/dsa-1199 http://security.gentoo.org/glsa/glsa-200608-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:125 http://www.osvdb.org/26772 http://secunia.com/advisories/20892 http://secunia.com/advisories/21105 http://secunia.com/advisories/21365 http://secunia.com/advisories/22556 http://attrition.org/pipermail/vim/2006-June/000912.html http://attrition.org/pipermail/vim/2006-July/000923.html http://www.vupen.com/english/advisories/2006/2612
Copyright	Copyright (C) 2008 E-Soft Inc.