Gentoo Security Advisory GLSA 200608-11 (webmin/usermin) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200608-11.

Solution

All Webmin users should update to the latest stable version: # emerge --sync # emerge --ask --verbose --oneshot '>=app-admin/webmin-1.290' All Usermin users should update to the latest stable version: # emerge --sync # emerge --ask --verbose --oneshot '>=app-admin/usermin-1.220' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-11 http://bugs.gentoo.org/show_bug.cgi?id=138552

Insight

Webmin and Usermin are vulnerable to an arbitrary file disclosure through a specially crafted URL.

Severity

Classification

CVE CVE-2006-3392

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200409-16 (Samba)
Gentoo Security Advisory GLSA 200409-29 (FreeRADIUS)
Gentoo Security Advisory GLSA 200409-07 (xv)
Gentoo Security Advisory GLSA 200411-03 (apache)
Gentoo Security Advisory GLSA 200404-01 (Portage)

Take action and discover your vulnerabilities