Debian Security Advisory DSA 526-1 (webmin) Network Vulnerability

Summary

The remote host is missing an update to webmin announced via advisory DSA 526-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20526-1

Insight

Two vulnerabilities were discovered in webmin: CVE-2004-0582: Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. CVE-2004-0583: The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. For the current stable distribution (woody), these problems have been fixed in version 0.94-7woody2. For the unstable distribution (sid), these problems have been fixed in version 1.150-1. We recommend that you update your webmin package.

Severity

Classification

CVE CVE-2004-0582, CVE-2004-0583

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Debian Security Advisory DSA 086-1 (ssh-nonfree, ssh-socks)
Debian Security Advisory DSA 067-1 (apache,apache-ssl)
Debian Security Advisory DSA 1081-1 (libextractor)
Debian Security Advisory DSA 1075-1 (awstats)
Debian Security Advisory DSA 1124-1 (fbi)

Take action and discover your vulnerabilities