Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3912
Last Modified 07 Mar 2011 09:27:21
Published 30 Nov 2005 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

Summary

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.

Vulnerable Systems

Application

  • Webmin 1.1.60

  • Webmin 1.2.40


References

BUGTRAQ - 20051129 Webmin miniserv.pl format string vulnerability

MISC - http://www.dyadsecurity.com/webmin-0001.html

SECUNIA - 17749

MLIST - [Dailydave] 20051129 Webmin miniserv.pl format string vulnerability

CONFIRM - http://www.webmin.com/uchanges-1.180.html

CONFIRM - http://www.webmin.com/security.html

CONFIRM - http://www.webmin.com/changes-1.250.html

VUPEN - ADV-2005-2660

SUSE - SUSE-SR:2005:030

GENTOO - GLSA-200512-02

DEBIAN - DSA-1199

SECUNIA - 22556

SECUNIA - 18101

SECUNIA - 17942

SECUNIA - 17878

SECUNIA - 17817

MANDRIVA - MDKSA-2005:223


Last Updated: 27 May 2016 10:41:06