Package name
webmin
Date
2006-09-22
Advisory ID
MDKSA-2006:170
Affected versions
CS4.0 x86_64, 2006.0 i586, CS4.0 i586, CS3.0 x86_64, CS3.0 i586, 2006.0 x86_64

Problem description

Webmin before 1.296 and Usermin before 1.226 do not properly handle a
URL with a null ("%00") character, which allows remote attackers to
conduct cross-site scripting (XSS), read CGI program source code, list
directories, and possibly execute programs.

Updated packages have been patched to correct this issue.
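
For hosts that ran an unpatched version, access logs can be reviewed for request targets that decode to a null character. The following is an added example, not part of the advisory or of Webmin; the Common Log Format layout, the addresses and the paths in the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed layout: Common Log Format style access-log lines.
REQUEST_RE = re.compile(
    r'^(?P<host>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
MAX_DECODE_ROUNDS = 3  # follow nested encodings such as %2500 -> %00 -> NUL

# Constructed sample lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.5 - admin [22/Sep/2006:10:00:00 +0200] "GET /example/index HTTP/1.0" 200 900',
    '192.0.2.10 - - [22/Sep/2006:10:00:01 +0200] "GET /example/page%00suffix HTTP/1.0" 200 512',
    '192.0.2.11 - - [22/Sep/2006:10:00:02 +0200] "GET /example/page%2500suffix HTTP/1.0" 404 0',
    '192.0.2.5 - admin [22/Sep/2006:10:00:03 +0200] "GET /example/a%20b HTTP/1.0" 200 120',
]


def contains_nul(target: str) -> bool:
    """Return True if the request target decodes to a NUL byte."""
    data = target.encode("utf-8", "surrogateescape")
    for _ in range(MAX_DECODE_ROUNDS):
        if b"\x00" in data:
            return True
        decoded = unquote_to_bytes(data)
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return b"\x00" in data


def scan(lines):
    """Return (line number, client host, raw target) for each suspicious request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if m and contains_nul(m.group("target")):
            hits.append((lineno, m.group("host"), m.group("target")))
    return hits


if __name__ == "__main__":
    for lineno, host, target in scan(SAMPLE_LOG):
        print(f"line {lineno}: {host} requested {target!r} (decodes to NUL)")
```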

Updated packages

CS4.0 x86_64

 9789548c068ba27a97364316a7714b4d  corporate/4.0/x86_64/webmin-1.220-9.7.20060mlcs4.noarch.rpm 
 7149a9c0fd1fa15595d63baf0c8130f6  corporate/4.0/SRPMS/webmin-1.220-9.7.20060mlcs4.src.rpm

2006.0 i586

 53995b233a220e3a374461a42c131e02  2006.0/i586/webmin-1.220-9.5.20060mdk.noarch.rpm 
 0d97837d940729f9d617f8e50d516778  2006.0/SRPMS/webmin-1.220-9.5.20060mdk.src.rpm

CS4.0 i586

 b6672f839e69bd3d564ca2c34169df31  corporate/4.0/i586/webmin-1.220-9.7.20060mlcs4.noarch.rpm 
 7149a9c0fd1fa15595d63baf0c8130f6  corporate/4.0/SRPMS/webmin-1.220-9.7.20060mlcs4.src.rpm

CS3.0 x86_64

 51eda948ce432904b65f9344800c259c  corporate/3.0/x86_64/webmin-1.121-4.7.C30mdk.noarch.rpm 
 cb2e9906f2470e2c64c442ed5b07d08b  corporate/3.0/SRPMS/webmin-1.121-4.7.C30mdk.src.rpm

CS3.0 i586

 07c54213a244025ddee9a2fe99ad7ede  corporate/3.0/i586/webmin-1.121-4.7.C30mdk.noarch.rpm 
 cb2e9906f2470e2c64c442ed5b07d08b  corporate/3.0/SRPMS/webmin-1.121-4.7.C30mdk.src.rpm

2006.0 x86_64

 b33be5a839ed88eabe346bc24986e388  2006.0/x86_64/webmin-1.220-9.5.20060mdk.noarch.rpm 
 0d97837d940729f9d617f8e50d516778  2006.0/SRPMS/webmin-1.220-9.5.20060mdk.src.rpm

References