MDKSA-2006:170-1
- Package name: webmin
- Date: 2006-09-27
- Advisory ID: MDKSA-2006:170-1
- Affected versions: 2007.0 x86_64, 2007.0 i586
Problem description
Webmin before 1.296 and Usermin before 1.226 do not properly handle a
URL with a null ("%00") character, which allows remote attackers to
conduct cross-site scripting (XSS), read CGI program source code, list
directories, and possibly execute programs.
Updated packages have been patched to correct this issue.
Update:
Packages are now available for Mandriva Linux 2007.
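
To check whether such requests reached a server before it was updated, the following added example (not part of the original advisory or of Webmin) scans web access log lines for request URLs that carry a raw, percent-encoded ("%00") or double-encoded ("%2500") null character. It assumes Common Log Format entries; the sample lines, addresses and paths are constructed.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
# (assumed log format; adjust the pattern to the server's actual layout).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
MAX_DECODE_ROUNDS = 3  # repeated decoding also catches forms such as %2500


def has_null_byte(target: str) -> bool:
    """True if the request target contains a raw or percent-encoded NUL."""
    current = target
    for _ in range(MAX_DECODE_ROUNDS):
        if "\x00" in current:
            return True
        decoded = unquote(current, encoding="latin-1")
        if decoded == current:  # nothing left to decode
            return False
        current = decoded
    return "\x00" in current


def flag_null_byte_requests(lines):
    """Return (client, method, target) for each line whose URL carries a NUL."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and has_null_byte(m.group("target")):
            client = line.split(" ", 1)[0]
            hits.append((client, m.group("method"), m.group("target")))
    return hits


# Constructed sample lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - admin [27/Sep/2006:10:01:02 +0000] "GET /example/index.cgi HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Sep/2006:10:02:13 +0000] "GET /example/page.cgi%00.html HTTP/1.0" 200 830',
    '198.51.100.7 - - [27/Sep/2006:10:02:15 +0000] "GET /example/dir/%2500 HTTP/1.0" 404 210',
    '203.0.113.5 - - [27/Sep/2006:10:03:00 +0000] "GET /example/help.cgi?q=100%25 HTTP/1.1" 200 412',
]

if __name__ == "__main__":
    for client, method, target in flag_null_byte_requests(SAMPLE_LOG):
        print(f"{client} {method} {target!r}")
```

A hit with a 200 status on a server that was still running an unpatched version is worth reviewing alongside the response size and the requested path.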
Updated packages
2007.0 x86_64
e6042ec6b4e74f560e9a05f8b05fafd5 2007.0/x86_64/webmin-1.290-4.1mdv2007.0.noarch.rpm
5796c775e71e3aef04bd6fd356ea049e 2007.0/SRPMS/webmin-1.290-4.1mdv2007.0.src.rpm
2007.0 i586
e47e91c741de0fa6fabb1653784c0400 2007.0/i586/webmin-1.290-4.1mdv2007.0.noarch.rpm
5796c775e71e3aef04bd6fd356ea049e 2007.0/SRPMS/webmin-1.290-4.1mdv2007.0.src.rpm
