Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:223: webmin Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the webmin package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:223 (webmin).
Jack Louis discovered a format string vulnerability in miniserv.pl Perl web
server in Webmin before 1.250 and Usermin before 1.180, with syslog logging
enabled. This can allow remote attackers to cause a denial of service (crash or
memory consumption) and possibly execute arbitrary code via format string
specifiers in the username parameter to the login form, which is ultimately
used in a syslog call.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:223
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.