Gentoo Security Advisory GLSA 200409-15 (Usermin) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200409-15.

Solution

All Usermin users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-admin/usermin-1.090' # emerge '>=app-admin/usermin-1.090' All Webmin users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-admin/webmin-1.160' # emerge '>=app-admin/webmin-1.160' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-15 http://bugs.gentoo.org/show_bug.cgi?id=63167 http://secunia.com/advisories/12488/ http://www.webmin.com/uchanges.html

Insight

A vulnerability in the webmail function of Usermin could be used by an attacker to execute shell code via a specially-crafted e-mail. A bug in the installation script of Webmin and Usermin also allows a local user to execute a symlink attack at installation time.

Severity

Classification

CVE CVE-2004-0559, CVE-2004-1468

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200310-03 (Apache)
Gentoo Security Advisory GLSA 200403-13 (mplayer)
Gentoo Security Advisory GLSA 200406-16 (Apache)
Gentoo Security Advisory GLSA 200406-13 (squid)
Gentoo Security Advisory GLSA 200406-02 (tripwire)

Take action and discover your vulnerabilities