Test ID:	1.3.6.1.4.1.25623.1.0.831418
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for webmin MDVSA-2011:109 (webmin)
Summary:	The remote host is missing an update for the 'webmin'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'webmin' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was discovered and corrected in webmin: Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl (CVE-2011-1937). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been upgraded to the 1.550 version which is not vulnerable to this issue. Affected Software/OS: webmin on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1937 BugTraq ID: 47558 http://www.securityfocus.com/bid/47558 Bugtraq: 20110424 XSS in Webmin 1.540 + exploit for privilege escalation (Google Search) http://www.securityfocus.com/archive/1/517658 http://www.mandriva.com/security/advisories?name=MDVSA-2011:109 http://javierb.com.ar/2011/04/24/xss-webmin-1-540/ http://www.youtube.com/watch?v=CUO7JLIGUf0 http://openwall.com/lists/oss-security/2011/05/22/1 http://openwall.com/lists/oss-security/2011/05/24/7 http://securitytracker.com/id?1025438 http://securityreason.com/securityalert/8264
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.