
JVNDB-2005-000537

Webmin and Usermin authentication bypass vulnerability

Overview

Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.
CVSS Severity

CVSS V2 Severity:
Base Metrics 9.3 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Webmin Project
  • Usermin Version 1.130 - 1.160
  • Webmin Version 1.200 - 1.220
MIRACLE LINUX CORPORATION
  • Asianux Server 2.0
  • Asianux Server 2.1

Impact

A remote attacker could bypass authentication in Webmin and Usermin and execute arbitrary commands with root privileges.
Solution

Vendor Information

  • Webmin Project
  • MIRACLE LINUX CORPORATION
CWE

CVE

  1. CVE-2005-3042
References

  1. JVN : JVN#40940493
  2. National Vulnerability Database (NVD) : CVE-2005-3042
  3. Secunia Advisory : SA16858
  4. SecurityFocus : 14889
  5. FrSIRT Advisories : FrSIRT/ADV-2005-1791
Revision History

  • [2008/05/21]
      Web page published