Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-3042
Last Modified: 07 Mar 2011 09:25:40
Published: 22 Sep 2005 06:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-3042

Summary

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

Vulnerable Systems

Application

  • Usermin 1.150

  • Webmin 1.2.20


References

CONFIRM - http://www.webmin.com/changes-1.230.html

MISC - http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html

SECUNIA - 16858

BUGTRAQ - 20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability

CONFIRM - http://www.webmin.com/uchanges-1.160.html

VUPEN - ADV-2005-1791

OSVDB - 19575

SUSE - SUSE-SR:2005:024

MANDRIVA - MDKSA-2005:176

GENTOO - GLSA-200509-17

SECUNIA - 17282

JVN - JVN#40940493

BID - 14889

SREASON - 17


Last Updated: 27 May 2016 10:40:46