Advisories

Mandriva Advisories

Package name: webmin
Date: February 26th, 2003
Advisory ID: MDKSA-2003:025
Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0
Synopsis: Updated webmin packages fix session ID spoofing vulnerability

Problem Description

A vulnerability was discovered in webmin by Cintia M. Imanishi, in the
miniserv.pl program, which is the core server of webmin. This
vulnerability allows an attacker to spoof a session ID by including
special metacharacters in the BASE64 encoding string used during the
authentication process. This could allow an attacker to gain full
administrative access to webmin.

MandrakeSoft encourages all users to upgrade immediately.

Updated Packages

Mandrakelinux 7.2

 0ee3a9b29088dab06b211f8137ead0f4  7.2/RPMS/webmin-0.970-2.1mdk.noarch.rpm
70c12cf5f873867e48097867ba4d7511  7.2/SRPMS/webmin-0.970-2.1mdk.src.rpm

Mandrakelinux 8.0

 1942eff82c6e3d6307f1ed3effcd8445  8.0/RPMS/webmin-0.970-2.2mdk.noarch.rpm
fd6e16fb437508d292a08f1b8e3f4395  8.0/SRPMS/webmin-0.970-2.2mdk.src.rpm

Mandrakelinux 8.0/PPC

 ac36fd178467656f52737465aa7064c0  ppc/8.0/RPMS/webmin-0.970-2.2mdk.noarch.rpm
fd6e16fb437508d292a08f1b8e3f4395  ppc/8.0/SRPMS/webmin-0.970-2.2mdk.src.rpm

Mandrakelinux 8.1

 c54d6a04c43babd622352dc154c11cf1  8.1/RPMS/webmin-0.970-2.3mdk.noarch.rpm
bd072335c255b99babe2820da0f40895  8.1/SRPMS/webmin-0.970-2.3mdk.src.rpm

Mandrakelinux 8.1/IA64

 85e21a0044eadb0c4fcc7154490904d2  ia64/8.1/RPMS/webmin-0.970-2.3mdk.noarch.rpm
bd072335c255b99babe2820da0f40895  ia64/8.1/SRPMS/webmin-0.970-2.3mdk.src.rpm

Mandrakelinux 8.2

 f539ce86d0abc4dc722ef80d1f44b041  8.2/RPMS/webmin-0.970-2.3mdk.noarch.rpm
bd072335c255b99babe2820da0f40895  8.2/SRPMS/webmin-0.970-2.3mdk.src.rpm

Mandrakelinux 8.2/PPC

 a37bc31328fa2a6cad1160db622b8006  ppc/8.2/RPMS/webmin-0.970-2.3mdk.noarch.rpm
bd072335c255b99babe2820da0f40895  ppc/8.2/SRPMS/webmin-0.970-2.3mdk.src.rpm

Mandrakelinux 9.0

 78ef5e7e090ed425adafb1bcd044a6d3  9.0/RPMS/webmin-0.990-6.1mdk.noarch.rpm
4c1ec7e6fbca1226856a325ec0d35de3  9.0/SRPMS/webmin-0.990-6.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0101
http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
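
The manual check described above as a script, added here as an example; it is not part of the advisory or of Mandriva's tooling. It assumes md5sum and rpm are installed and that the Updated Packages list has been saved to a text file; the function names are illustrative.

```sh
#!/bin/sh
# Added example: check a downloaded RPM against the advisory's checksum list,
# then verify its signature. Function names are illustrative.
# Usage: sh verify.sh advisory.txt webmin-0.990-6.1mdk.noarch.rpm

# md5_listed LIST_FILE RPM_PATH
# Succeeds, printing the matching advisory path, when the file's MD5 equals
# an entry whose file name is the same. One file name can be listed under
# several releases with different checksums, so every entry is compared.
md5_listed() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    sum=$(md5sum "$2" | awk '{ print $1 }')
    awk -v s="$sum" -v n="$(basename "$2")" '
        NF == 2 && $1 == s {
            k = split($2, part, "/")
            if (part[k] == n) { print $2; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# verify_rpm LIST_FILE RPM_PATH
# The checksum catches a corrupted or wrong download; the signature check is
# what ties the package to the vendor key, so both must pass.
verify_rpm() {
    entry=$(md5_listed "$1" "$2") || {
        echo "MD5 of $2 is not listed in the advisory" >&2
        return 1
    }
    echo "MD5 matches advisory entry: $entry"
    rpm --checksig "$2"
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    verify_rpm "$1" "$2"
fi
```

The signature step only means something once the Mandriva Security Team public key has been imported into the RPM keyring.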