[UNIX] Webmin/Usermin Cross-site Scripting Vulnerability
From: support@securiteam.comDate: 05/08/02
- Previous message: support@securiteam.com: "[UNIX] ISC DHCPDv3 Remote Root Compromise"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Wed, 8 May 2002 21:01:31 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Webmin/Usermin Cross-site Scripting Vulnerability
------------------------------------------------------------------------
SUMMARY
The authentication page of both Webmin and Usermin is prone to a
cross-site scripting vulnerability.
DETAILS
Vulnerable systems:
* Webmin version 0.960 and prior
* Usermin version 0.90 and prior
Immune systems:
* Webmin version 0.970
* Usermin version 0.910
Webmin is a web-based system administration tool for UNIX. Usermin is a
web interface that allows all users on a UNIX system to easily receive
mails and to perform SSH and mail forwarding configuration. A potential
cross-site scripting vulnerability may occur because the CGI script of the
authentication page used by both Webmin and Usermin, prints user's input
on the error page.
Webmin and Usermin users' session ID cookies cannot be acquired, since
this problem only occurs when users are not logged into these software
packages. However, there is a possibility that the cookie of a Web service
may be stolen if it is running on the same host as of Webmin/Usermin.
Solution:
This problem can be eliminated by upgrading to Webmin version 0.970
/Usermin version 0.910, which are available at the following URL:
<http://www.webmin.com/> http://www.webmin.com/
ADDITIONAL INFORMATION
The information has been provided by <mailto:snsadv@lac.co.jp> Keigo
Yamazaki.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] ISC DHCPDv3 Remote Root Compromise"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [Full-disclosure] [ GLSA 200509-17 ] Webmin, Usermin: Remote code execution through PAM authenticati
... If Webmin or Usermin is configured to use full PAM conversations, ... Webmin
and Usermin are web-based system administration consoles. ... credentials before sending
them to the PAM (Pluggable Authentication ... (Full-Disclosure) - [ GLSA 200509-17 ] Webmin, Usermin: Remote code execution through PAM authentication
... If Webmin or Usermin is configured to use full PAM conversations, ... Webmin
and Usermin are web-based system administration consoles. ... credentials before sending
them to the PAM (Pluggable Authentication ... (Bugtraq) - [UNIX] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Webmin is a web-based system
administration tool for UNIX. ... Usermin to run. ... a session ID and during
the ... (Securiteam) - [UNIX] Webmin/Usermin Session ID Spoofing Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com ... the child process of Webmin
and Usermin, which could allow an attacker to ... spoof a session ID as any user
already logged in. ... (Securiteam) - [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability
... Webmin/Usermin Cross-site Scripting Vulnerability ... The authentication page
of both Webmin and Usermin is prone to a ... Webmin is a web-based system administration
tool for Unix. ... the authentication page used by both Webmin and Usermin, ...
(Bugtraq)
