Package name
webmin
Date
2005-10-07
Advisory ID
MDKSA-2005:176
Affected versions
2006.0 i586 , 2006.0 x86_64

Problem description

Miniserv.pl in Webmin 1.220, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). The updated packages have been patched to correct this issues.

Updated packages

2006.0 i586

 a848ccbf6344438775ec1304879aef4d  2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm
bd414e303f86c49a7544a9b8bb99d4a9  2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm

2006.0 x86_64

 c9aa3f93679c4aa22d0d56843315bb13  x86_64/2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm
bd414e303f86c49a7544a9b8bb99d4a9  x86_64/2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm

References