The remote host is missing an update to webmin announced via advisory DSA 1199-1. Several vulnerabilities have been identified in webmin, a web-based administration toolkit. CVE-2005-3912 A format string vulnerability in miniserv.pl could allow an attacker to cause a denial of service by crashing the application or exhausting system resources, and could potentially allow arbitrary code execution. CVE-2006-3392 Improper input sanitization in miniserv.pl could allow an attacker to read arbitrary files on the webmin host by providing a specially crafted URL path to the miniserv http server. CVE-2006-4542 Improper handling of null characters in URLs in miniserv.pl could allow an attacker to conduct cross-site scripting attacks, read CGI program source code, list local directories, and potentially execute arbirary code.

For the stable distribution (sarge), these problems have been fixed in version 1.180-3sarge1 Webmin is not included in unstable (sid) or testing (etch), so these problems are not present. We recommend that you upgrade your webmin (1.180-3sarge1) package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201199-1