MDKSA-2005:176
- Package name
- webmin
- Date
- 2005-10-07
- Advisory ID
- MDKSA-2005:176
- Affected versions
- 2006.0 i586 , 2006.0 x86_64
Problem description
Miniserv.pl in Webmin 1.220, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). The updated packages have been patched to correct this issues.
Updated packages
2006.0 i586
a848ccbf6344438775ec1304879aef4d 2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm bd414e303f86c49a7544a9b8bb99d4a9 2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm
2006.0 x86_64
c9aa3f93679c4aa22d0d56843315bb13 x86_64/2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm bd414e303f86c49a7544a9b8bb99d4a9 x86_64/2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm