Package name
webmin
Date
2006-09-27
Advisory ID
MDKSA-2006:170-1
Affected versions
2007.0 x86_64, 2007.0 i586

Problem description

Webmin before 1.296 and Usermin before 1.226 do not properly handle a
URL with a null ("%00") character, which allows remote attackers to
conduct cross-site scripting (XSS), read CGI program source code, list
directories, and possibly execute programs.

Updated packages have been patched to correct this issue.

Update:

Packages are now available for Mandriva Linux 2007.
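
A defensive check for the flaw described above, as an added example that is not part of the original advisory or of Webmin's own code: it scans access-log lines for request URIs that contain a null character, raw or percent-encoded. The Common Log Format style layout, the sample lines and the check for nested encodings are assumptions that go beyond what the advisory states.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format style entry (assumed log layout).
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?"')

MAX_ROUNDS = 3  # upper bound on repeated percent-decoding


def null_byte_depth(uri, max_rounds=MAX_ROUNDS):
    """Return 0 if the raw URI holds a NUL, n if one appears after n decode
    rounds, or None if no NUL appears within max_rounds."""
    current = uri
    for depth in range(max_rounds + 1):
        if "\x00" in current:
            return depth
        decoded = unquote(current, encoding="latin-1")
        if decoded == current:  # nothing left to decode
            return None
        current = decoded
    return None


def scan_log(lines):
    """Return (line_number, client, uri, depth) for requests carrying a NUL."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.match(line)
        if not match:
            continue
        depth = null_byte_depth(match.group("uri"))
        if depth is not None:
            hits.append((number, match.group("client"), match.group("uri"), depth))
    return hits


# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - admin [27/Sep/2006:10:00:01 +0000] "GET /example/index.cgi HTTP/1.0" 200 5120',
    '198.51.100.7 - - [27/Sep/2006:10:00:05 +0000] "GET /example/page%00 HTTP/1.0" 200 812',
    '198.51.100.7 - - [27/Sep/2006:10:00:09 +0000] "GET /example/page%2500 HTTP/1.0" 404 0',
    '192.0.2.10 - admin [27/Sep/2006:10:00:12 +0000] "GET /images/100%25.gif HTTP/1.0" 200 99',
]

if __name__ == "__main__":
    for number, client, uri, depth in scan_log(SAMPLE_LOG):
        print(f"line {number}: {client} requested {uri!r} (NUL after {depth} decode round(s))")
```

Hits in logs that predate the package update identify requests worth reviewing alongside the response status and size.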

Updated packages

2007.0 x86_64

 e6042ec6b4e74f560e9a05f8b05fafd5  2007.0/x86_64/webmin-1.290-4.1mdv2007.0.noarch.rpm 
 5796c775e71e3aef04bd6fd356ea049e  2007.0/SRPMS/webmin-1.290-4.1mdv2007.0.src.rpm

2007.0 i586

 e47e91c741de0fa6fabb1653784c0400  2007.0/i586/webmin-1.290-4.1mdv2007.0.noarch.rpm 
 5796c775e71e3aef04bd6fd356ea049e  2007.0/SRPMS/webmin-1.290-4.1mdv2007.0.src.rpm
