Summary
The remote host is missing an update to webmin
announced via advisory DSA 544-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20544-1
Insight
Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside.
For the stable distribution (woody) this problem has been fixed in version 0.94-7woody3.
For the unstable distribution (sid) this problem has been fixed in version 1.160-1 of webmin and 1.090-1 of usermin.
We recommend that you upgrade your webmin packages.
Severity
Classification
-
CVE CVE-2004-0559 -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities