MDKSA-2006:170
- Package name: webmin
- Date: 2006-09-22
- Advisory ID: MDKSA-2006:170
- Affected versions: CS4.0 x86_64, 2006.0 i586, CS4.0 i586, CS3.0 x86_64, CS3.0 i586, 2006.0 x86_64
Problem description
Webmin before 1.296 and Usermin before 1.226 do not properly handle a
URL with a null ("%00") character, which allows remote attackers to
conduct cross-site scripting (XSS), read CGI program source code, list
directories, and possibly execute programs.
Updated packages have been patched to correct this issue.
Updated packages
CS4.0 x86_64
9789548c068ba27a97364316a7714b4d corporate/4.0/x86_64/webmin-1.220-9.7.20060mlcs4.noarch.rpm
7149a9c0fd1fa15595d63baf0c8130f6 corporate/4.0/SRPMS/webmin-1.220-9.7.20060mlcs4.src.rpm
2006.0 i586
53995b233a220e3a374461a42c131e02 2006.0/i586/webmin-1.220-9.5.20060mdk.noarch.rpm
0d97837d940729f9d617f8e50d516778 2006.0/SRPMS/webmin-1.220-9.5.20060mdk.src.rpm
CS4.0 i586
b6672f839e69bd3d564ca2c34169df31 corporate/4.0/i586/webmin-1.220-9.7.20060mlcs4.noarch.rpm
7149a9c0fd1fa15595d63baf0c8130f6 corporate/4.0/SRPMS/webmin-1.220-9.7.20060mlcs4.src.rpm
CS3.0 x86_64
51eda948ce432904b65f9344800c259c corporate/3.0/x86_64/webmin-1.121-4.7.C30mdk.noarch.rpm
cb2e9906f2470e2c64c442ed5b07d08b corporate/3.0/SRPMS/webmin-1.121-4.7.C30mdk.src.rpm
CS3.0 i586
07c54213a244025ddee9a2fe99ad7ede corporate/3.0/i586/webmin-1.121-4.7.C30mdk.noarch.rpm
cb2e9906f2470e2c64c442ed5b07d08b corporate/3.0/SRPMS/webmin-1.121-4.7.C30mdk.src.rpm
2006.0 x86_64
b33be5a839ed88eabe346bc24986e388 2006.0/x86_64/webmin-1.220-9.5.20060mdk.noarch.rpm
0d97837d940729f9d617f8e50d516778 2006.0/SRPMS/webmin-1.220-9.5.20060mdk.src.rpm
