Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2003:025: webmin Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the webmin package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2003:025 (webmin).
A vulnerability was discovered in webmin by Cintia M. Imanishi, in the
miniserv.pl program, which is the core server of webmin. This vulnerability
allows a possible hacker to spoof a session ID by including special metacharacters in
the BASE64 encoding string used during the authentication process. This could
allow a possible hacker to gain full administrative access to webmin.
MandrakeSoft encourages all users to upgrade immediately.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:025
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.