English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57540
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-1199-1)
Summary:The remote host is missing an update for the Debian 'webmin' package(s) announced via the DSA-1199-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'webmin' package(s) announced via the DSA-1199-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been identified in webmin, a web-based administration toolkit. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2005-3912

A format string vulnerability in miniserv.pl could allow an attacker to cause a denial of service by crashing the application or exhausting system resources, and could potentially allow arbitrary code execution.

CVE-2006-3392

Improper input sanitization in miniserv.pl could allow an attacker to read arbitrary files on the webmin host by providing a specially crafted URL path to the miniserv http server.

CVE-2006-4542

Improper handling of null characters in URLs in miniserv.pl could allow an attacker to conduct cross-site scripting attacks, read CGI program source code, list local directories, and potentially execute arbitrary code.

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

For the stable distribution (sarge), these problems have been fixed in version 1.180-3sarge1.

Webmin is not included in unstable (sid) or testing (etch), so these problems are not present.

We recommend that you upgrade your webmin (1.180-3sarge1) package.

Affected Software/OS:
'webmin' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-3912
Bugtraq: 20051129 Webmin miniserv.pl format string vulnerability (Google Search)
http://www.securityfocus.com/archive/1/418093/100/0/threaded
Debian Security Information: DSA-1199 (Google Search)
http://www.debian.org/security/2006/dsa-1199
http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:223
http://www.dyadsecurity.com/webmin-0001.html
http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html
http://secunia.com/advisories/17749
http://secunia.com/advisories/17817
http://secunia.com/advisories/17878
http://secunia.com/advisories/17942
http://secunia.com/advisories/18101
http://secunia.com/advisories/22556
SuSE Security Announcement: SUSE-SR:2005:030 (Google Search)
http://www.novell.com/linux/security/advisories/2005_30_sr.html
http://www.vupen.com/english/advisories/2005/2660
Common Vulnerability Exposure (CVE) ID: CVE-2006-3392
BugTraq ID: 18744
http://www.securityfocus.com/bid/18744
Bugtraq: 20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit (Google Search)
http://www.securityfocus.com/archive/1/439653/100/0/threaded
Bugtraq: 20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit (Google Search)
http://www.securityfocus.com/archive/1/440125/100/0/threaded
http://www.securityfocus.com/archive/1/440466/100/0/threaded
Bugtraq: 20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl (Google Search)
http://www.securityfocus.com/archive/1/440493/100/0/threaded
CERT/CC vulnerability note: VU#999601
http://www.kb.cert.org/vuls/id/999601
http://security.gentoo.org/glsa/glsa-200608-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:125
http://www.osvdb.org/26772
http://secunia.com/advisories/20892
http://secunia.com/advisories/21105
http://secunia.com/advisories/21365
http://attrition.org/pipermail/vim/2006-June/000912.html
http://attrition.org/pipermail/vim/2006-July/000923.html
http://www.vupen.com/english/advisories/2006/2612
Common Vulnerability Exposure (CVE) ID: CVE-2006-4542
BugTraq ID: 19820
http://www.securityfocus.com/bid/19820
http://jvn.jp/jp/JVN%2399776858/index.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:170
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html
http://www.osvdb.org/28337
http://www.osvdb.org/28338
http://securitytracker.com/id?1016776
http://securitytracker.com/id?1016777
http://secunia.com/advisories/21690
http://secunia.com/advisories/22087
http://secunia.com/advisories/22114
http://www.vupen.com/english/advisories/2006/3424
XForce ISS Database: webmin-usermin-source-disclosure(28699)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28699
CopyrightCopyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.