|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200406-12] Webmin: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Webmin: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200406-12
(Webmin: Multiple vulnerabilities)
Webmin contains two security vulnerabilities. One allows any user to view
the configuration of any module and the other could allow a possible hacker to
lock out a valid user by sending an invalid username and password.
Impact
An authenticated user could use these vulnerabilities to view the
configuration of any module thus potentially obtaining important knowledge
about configuration settings. Furthermore a possible hacker could lock out
legitimate users by sending invalid login information.
Workaround
There is no known workaround at this time.
References:
http://www.securityfocus.com/bid/10474
http://www.webmin.com/changes-1.150.html
Solution:
All Webmin users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=app-admin/app-admin/webmin-1.150"
# emerge ">=app-admin/app-admin/webmin-1.150"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
