Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200409-15 (Usermin)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.54671

Category: Gentoo Local Security Checks

Title: Gentoo Security Advisory GLSA 200409-15 (Usermin)

Summary: The remote host is missing updates announced in;advisory GLSA 200409-15.

Description: Summary:
The remote host is missing updates announced in
advisory GLSA 200409-15.

Vulnerability Insight:
A vulnerability in the webmail function of Usermin could be used by an
attacker to execute shell code via a specially-crafted e-mail. A bug in
the installation script of Webmin and Usermin also allows a local user to
execute a symlink attack at installation time.

Solution:
All Usermin users should upgrade to the latest version:

# emerge sync

# emerge -pv '>=app-admin/usermin-1.090'
# emerge '>=app-admin/usermin-1.090'

All Webmin users should upgrade to the latest version:

# emerge sync

# emerge -pv '>=app-admin/webmin-1.160'
# emerge '>=app-admin/webmin-1.160'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0559
BugTraq ID: 11153
http://www.securityfocus.com/bid/11153
http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml
http://secunia.com/advisories/12488/
XForce ISS Database: usermin-installation-unspecified(17299)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17299
Common Vulnerability Exposure (CVE) ID: CVE-2004-1468
BugTraq ID: 11122
http://www.securityfocus.com/bid/11122
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html
XForce ISS Database: usermin-web-mail-command-execution(17293)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17293

Copyright Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.54671
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200409-15 (Usermin)
Summary:	The remote host is missing updates announced in;advisory GLSA 200409-15.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200409-15. Vulnerability Insight: A vulnerability in the webmail function of Usermin could be used by an attacker to execute shell code via a specially-crafted e-mail. A bug in the installation script of Webmin and Usermin also allows a local user to execute a symlink attack at installation time. Solution: All Usermin users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-admin/usermin-1.090' # emerge '>=app-admin/usermin-1.090' All Webmin users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-admin/webmin-1.160' # emerge '>=app-admin/webmin-1.160' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0559 BugTraq ID: 11153 http://www.securityfocus.com/bid/11153 http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml http://secunia.com/advisories/12488/ XForce ISS Database: usermin-installation-unspecified(17299) https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 Common Vulnerability Exposure (CVE) ID: CVE-2004-1468 BugTraq ID: 11122 http://www.securityfocus.com/bid/11122 http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html XForce ISS Database: usermin-web-mail-command-execution(17293) https://exchange.xforce.ibmcloud.com/vulnerabilities/17293
Copyright	Copyright (C) 2008 E-Soft Inc.