MDKSA-2004:074

Package name

webmin

Date

2004-07-27

Advisory ID

MDKSA-2004:074

Affected versions

9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , CS2.1 i586 , 10.0 i586 , 9.2 i586 , 9.1 i586 , 9.1 i586

Problem description

Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. (CAN-2004-0582) The account lockout functionality in Webmin 1.140 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. (CAN-2004-0583) The updated packages are patched to correct the problem.

Updated packages

9.2 amd64

 e2a51d9f29d2b1d9bdfc43e659fc5e62  amd64/9.2/RPMS/webmin-1.100-3.1.92mdk.noarch.rpm
1199a752674c1c5ba2b10f0467a8fc3f  amd64/9.2/SRPMS/webmin-1.100-3.1.92mdk.src.rpm

CS2.1 x86_64

 1d30a6a756677c747bf75a0ad052ab2f  x86_64/corporate/2.1/RPMS/webmin-0.990-6.3.C21mdk.noarch.rpm
588ab8bcb01be6972982d44a2bcfafbc  x86_64/corporate/2.1/SRPMS/webmin-0.990-6.3.C21mdk.src.rpm

10.0 amd64

 fba3d5ccb5b63170e9196f4a46744544  amd64/10.0/RPMS/webmin-1.121-4.1.100mdk.noarch.rpm
17f6d0e32710edeb5326320a18475d28  amd64/10.0/SRPMS/webmin-1.121-4.1.100mdk.src.rpm

CS2.1 i586

 650bd74be9292e4e4019983607d25d36  corporate/2.1/RPMS/webmin-0.990-6.3.C21mdk.noarch.rpm
588ab8bcb01be6972982d44a2bcfafbc  corporate/2.1/SRPMS/webmin-0.990-6.3.C21mdk.src.rpm

10.0 i586

 4fe37cfc98af3ca32ffb6e29efc3cc58  10.0/RPMS/webmin-1.121-4.1.100mdk.noarch.rpm
17f6d0e32710edeb5326320a18475d28  10.0/SRPMS/webmin-1.121-4.1.100mdk.src.rpm

9.2 i586

 fb53296da836a7e60133ec52ce16be7f  9.2/RPMS/webmin-1.100-3.1.92mdk.noarch.rpm
1199a752674c1c5ba2b10f0467a8fc3f  9.2/SRPMS/webmin-1.100-3.1.92mdk.src.rpm

9.1 i586

 a9bbe302fe2931b8dc1d6ba4a98628c8  9.1/RPMS/webmin-1.070-1.1.91mdk.noarch.rpm
afc83f59d85baba2b54e4e37c5e0f7fe  9.1/SRPMS/webmin-1.070-1.1.91mdk.src.rpm

9.1 i586

 02928c759998ad48dcf15bf42b025c3f  ppc/9.1/RPMS/webmin-1.070-1.1.91mdk.noarch.rpm
afc83f59d85baba2b54e4e37c5e0f7fe  ppc/9.1/SRPMS/webmin-1.070-1.1.91mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0582
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0583