Lucene search
GoogleOSV:DSA-319HistoryJun 12, 2003 - 12:00 a.m.
webmin - session ID spoofing
2003-06-1200:00:00
Google
osv.dev
12
EPSS
0.069
Percentile
93.9%
miniserv.pl in the webmin package does not properly handle
metacharacters, such as line feeds and carriage returns, in
Base64-encoded strings used in Basic authentication. This
vulnerability allows remote attackers to spoof a session ID, and
thereby gain root privileges.
For the stable distribution (woody) this problem has been fixed in
version 0.94-7woody1.
The old stable distribution (potato) does not contain a webmin package.
For the unstable distribution (sid) this problem is fixed in version
1.070-1.
We recommend that you update your webmin package.
References
Related
nessus
nessus
Mandrake Linux Security Advisory : webmin (MDKSA-2003:025)
2004-07-31 00:00:00
Usermin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing
2003-02-28 00:00:00
Webmin < 1.070 authentication bypass
2018-03-22 00:00:00
openvas
openvas
HP-UX Update for Webmin HPSBUX00250
2009-05-05 00:00:00
Debian Security Advisory DSA 319-1 (webmin)
2008-01-17 00:00:00
HP-UX Update for Webmin HPSBUX00250
2009-05-05 00:00:00
cvelist
cvelist
CVE-2003-0101
2003-02-26 05:00:00
exploitdb
exploitdb
Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing
2003-02-20 00:00:00
cve
cve
CVE-2003-0101
2003-03-03 05:00:00
nvd
nvd
CVE-2003-0101
2003-03-03 05:00:00
debian
debian
[SECURITY] [DSA-319-1] New webmin packages fix remote session ID spoofing
2003-06-12 23:53:38