|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200509-17] Webmin, Usermin: Remote code execution through PAM authentication Vulnerability Scan
Vulnerability Scan Summary Webmin, Usermin: Remote code execution through PAM authentication
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200509-17
(Webmin, Usermin: Remote code execution through PAM authentication)
Keigo Yamazaki discovered that the miniserv.pl webserver, used in
both Webmin and Usermin, does not properly validate authentication
credentials before sending them to the PAM (Pluggable Authentication
Modules) authentication process. The default configuration shipped with
Gentoo does not enable the "full PAM conversations" option and is
therefore unaffected by this flaw.
Impact
A remote attacker could bypass the authentication process and run
any command as the root user on the target server.
Workaround
Do not enable "full PAM conversations" in the Authentication
options of Webmin and Usermin.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3042
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html
Solution:
All Webmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/webmin-1.230"
All Usermin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/usermin-1.160"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|