Debian: webmin Multiple vulnerabilities

    Date08 Jul 2004
    CategoryDebian
    2415
    Posted ByLinuxSecurity Advisories
    This patch addresses an ACL bypass and the ability to use brute force to get IDs and passwords.
    
    Debian Security Advisory DSA 526-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Matt Zimmerman
    July 3rd, 2004                           http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : webmin
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2004-0582 CAN-2004-0583
    
    Two vulnerabilities were discovered in webmin:
    
    CAN-2004-0582: Unknown vulnerability in Webmin 1.140 allows remote
     attackers to bypass access control rules and gain read access to
     configuration information for a module.
    
    CAN-2004-0583: The account lockout functionality in (1) Webmin 1.140
     and (2) Usermin 1.070 does not parse certain character strings, which
     allows remote attackers to conduct a brute force attack to guess user
     IDs and passwords.
    
    For the current stable distribution (woody), these problems have been
    fixed in version 0.94-7woody2.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1.150-1.
    
    We recommend that you update your webmin package.
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody2.dsc
          Size/MD5 checksum:     1126 995ac5b48cbc4baf168d89aea22e3258
         http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody2.diff.gz
          Size/MD5 checksum:    63417 8c70be8b163bf819c8e6fca95b898654
         http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94.orig.tar.gz
          Size/MD5 checksum:  4831737 114c7ca2557c17faebb627a3de7acb97
    
      Architecture independent components:
    
         http://security.debian.org/pool/updates/main/w/webmin/webmin-apache_0.94-7woody2_all.deb
          Size/MD5 checksum:   223884 22de96c300bc414b2f2982d077190a7c
         http://security.debian.org/pool/updates/main/w/webmin/webmin-bind8_0.94-7woody2_all.deb
          Size/MD5 checksum:   181060 2ca3ebb2b494877720b400e9a8a19130
         http://security.debian.org/pool/updates/main/w/webmin/webmin-burner_0.94-7woody2_all.deb
          Size/MD5 checksum:    32944 00283db28697c6104869afd8599bd691
         http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-software_0.94-7woody2_all.deb
          Size/MD5 checksum:    28296 968a289d95e6c665df672a3e151425cb
         http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-useradmin_0.94-7woody2_all.deb
          Size/MD5 checksum:    32568 61e0a5f74bc0bbc41caeaabc0fb5de99
         http://security.debian.org/pool/updates/main/w/webmin/webmin-core_0.94-7woody2_all.deb
          Size/MD5 checksum:  1258080 ca65a0dd02df1f6d52884114c0373cf4
         http://security.debian.org/pool/updates/main/w/webmin/webmin-cpan_0.94-7woody2_all.deb
          Size/MD5 checksum:    27010 ca3b05a95193cf97c6348b1f44ae03b6
         http://security.debian.org/pool/updates/main/w/webmin/webmin-dhcpd_0.94-7woody2_all.deb
          Size/MD5 checksum:    97166 229fc6f7eedbef4663ed1587d4b1a724
         http://security.debian.org/pool/updates/main/w/webmin/webmin-exports_0.94-7woody2_all.deb
          Size/MD5 checksum:    55360 f62c16dd09bae16329470911174c45b9
         http://security.debian.org/pool/updates/main/w/webmin/webmin-fetchmail_0.94-7woody2_all.deb
          Size/MD5 checksum:    27938 1bf4b912a833fbb8fd709f3319d2fa82
         http://security.debian.org/pool/updates/main/w/webmin/webmin-heartbeat_0.94-7woody2_all.deb
          Size/MD5 checksum:    21688 f6a85cf21843bea1f9856f559dca2469
         http://security.debian.org/pool/updates/main/w/webmin/webmin-inetd_0.94-7woody2_all.deb
          Size/MD5 checksum:    46456 297501fccf6eeee31a6b02b9fbc3a3ec
         http://security.debian.org/pool/updates/main/w/webmin/webmin-jabber_0.94-7woody2_all.deb
          Size/MD5 checksum:    32094 6870567dff48f54dc846216223da8e3a
         http://security.debian.org/pool/updates/main/w/webmin/webmin-lpadmin_0.94-7woody2_all.deb
          Size/MD5 checksum:   103388 2c95c4cf6ae9fc4b320c43aac48fa1bb
         http://security.debian.org/pool/updates/main/w/webmin/webmin-mon_0.94-7woody2_all.deb
          Size/MD5 checksum:    63490 fd37e7a07dabe8cb016a3037aba75796
         http://security.debian.org/pool/updates/main/w/webmin/webmin-mysql_0.94-7woody2_all.deb
          Size/MD5 checksum:   121704 220d406600a9f355df3a916a1627a7cc
         http://security.debian.org/pool/updates/main/w/webmin/webmin-nis_0.94-7woody2_all.deb
          Size/MD5 checksum:    67036 90a3b2bf04d954c11156194a788ce1cc
         http://security.debian.org/pool/updates/main/w/webmin/webmin-postfix_0.94-7woody2_all.deb
          Size/MD5 checksum:   209084 68a0cf048a8a585a7c63abca9d31fbc4
         http://security.debian.org/pool/updates/main/w/webmin/webmin-postgresql_0.94-7woody2_all.deb
          Size/MD5 checksum:    78792 347840e8305a3c16f053e9bcf4389594
         http://security.debian.org/pool/updates/main/w/webmin/webmin-ppp_0.94-7woody2_all.deb
          Size/MD5 checksum:    21026 fd312485daa6d1b97db57f960cb6d2f8
         http://security.debian.org/pool/updates/main/w/webmin/webmin-qmailadmin_0.94-7woody2_all.deb
          Size/MD5 checksum:    39820 a98ed9cf6633f0d844e5dcdf07330237
         http://security.debian.org/pool/updates/main/w/webmin/webmin-quota_0.94-7woody2_all.deb
          Size/MD5 checksum:    89304 c756d2c966ad30165fdba6aa9956af4c
         http://security.debian.org/pool/updates/main/w/webmin/webmin-raid_0.94-7woody2_all.deb
          Size/MD5 checksum:    36384 adea65391d94ab7e4902f120a134a9d7
         http://security.debian.org/pool/updates/main/w/webmin/webmin-samba_0.94-7woody2_all.deb
          Size/MD5 checksum:   133746 db13e84d7c2613248daff848a3b826bc
         http://security.debian.org/pool/updates/main/w/webmin/webmin-sendmail_0.94-7woody2_all.deb
          Size/MD5 checksum:   240714 3d6ddce61af213c76b53843b59d4ac8f
         http://security.debian.org/pool/updates/main/w/webmin/webmin-software_0.94-7woody2_all.deb
          Size/MD5 checksum:    91650 db9819b53497d70653e0c6eac5f748b6
         http://security.debian.org/pool/updates/main/w/webmin/webmin-squid_0.94-7woody2_all.deb
          Size/MD5 checksum:   223974 adbeb70d3fd39f2aaa10b8d642f8f0db
         http://security.debian.org/pool/updates/main/w/webmin/webmin-sshd_0.94-7woody2_all.deb
          Size/MD5 checksum:    43666 78f683b147d29340e0ae87c2919afa98
         http://security.debian.org/pool/updates/main/w/webmin/webmin-ssl_0.94-7woody2_all.deb
          Size/MD5 checksum:     8406 f7237e77cc5d19b5c4048b4fc05300eb
         http://security.debian.org/pool/updates/main/w/webmin/webmin-status_0.94-7woody2_all.deb
          Size/MD5 checksum:    43452 606bf0ab3115e71e59345393492d0dd8
         http://security.debian.org/pool/updates/main/w/webmin/webmin-stunnel_0.94-7woody2_all.deb
          Size/MD5 checksum:    26750 92533f3c91f2b285729a1b5299f3ee46
         http://security.debian.org/pool/updates/main/w/webmin/webmin-wuftpd_0.94-7woody2_all.deb
          Size/MD5 checksum:   113522 2d60c4a473e533014c5750d3e3a7366f
         http://security.debian.org/pool/updates/main/w/webmin/webmin-xinetd_0.94-7woody2_all.deb
          Size/MD5 checksum:    32648 12d6edfc27ef9087c344cd24093e947d
         http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody2_all.deb
          Size/MD5 checksum:   514162 f4b38b85faa032ffe0715929df40551c
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/w/webmin/webmin-grub_0.94-7woody2_i386.deb
          Size/MD5 checksum:    29432 615495ff454f129d404a720f6ede5993
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.