Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2003-0101
Last Modified: 10 Sep 2008 08:05:49
Published: 03 Mar 2003 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-0101

Summary

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.

Vulnerable Systems

Application

  • Engardelinux Guardian Digital Webtool 1.2

  • Usermin 0.4

  • Usermin 0.5

  • Usermin 0.6

  • Usermin 0.7

  • Usermin 0.8

  • Usermin 0.9

  • Usermin 0.91

  • Usermin 0.92

  • Usermin 0.93

  • Usermin 0.94

  • Usermin 0.95

  • Usermin 0.96

  • Usermin 0.97

  • Usermin 0.98

  • Usermin 0.99

  • Webmin 1.0.50

  • Webmin 1.0.60


References

CONFIRM - http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2

BUGTRAQ - 20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"

BID - 6915

MISC - http://www.lac.co.jp/security/english/snsadv_e/62_e.html

XF - webmin-usermin-root-access(11390)

DEBIAN - DSA-319

CIAC - N-058

BUGTRAQ - 20030224 GLSA: usermin (200302-14)

BUGTRAQ - 20030224 Webmin 1.050 - 1.060 remote exploit

ENGARDE - ESA-20030225-006

HP - HPSBUX0303-250

SGI - 20030602-01-I

SECTRACK - 1006160

MANDRAKE - MDKSA-2003:025

CONFIRM - http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html

SECUNIA - 8163

SECUNIA - 8115


Last Updated: 27 May 2016 10:37:47