Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:176: webmin Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the webmin package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:176 (webmin).
Miniserv.pl in Webmin 1.220, when 'full PAM conversations' is enabled, allows
remote attackers to bypass authentication by spoofing session IDs via certain
metacharacters (line feed or carriage return).
The updated packages have been patched to correct this issues.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:176
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.