Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:074 (webmin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50557

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:074 (webmin)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to webmin
announced via advisory MDKSA-2004:074.

Unknown vulnerability in Webmin 1.140 allows remote attackers to
bypass access control rules and gain read access to configuration
information for a module. (CVE-2004-0582)

The account lockout functionality in Webmin 1.140 does not parse
certain character strings, which allows remote attackers to conduct a
brute force attack to guess user IDs and passwords. (CVE-2004-0583)

The updated packages are patched to correct the problem.

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0583

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0582
BugTraq ID: 10474
http://www.securityfocus.com/bid/10474
BugTraq ID: 10522
http://www.securityfocus.com/bid/10522
Bugtraq: 20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108697184602191&w=2
Conectiva Linux advisory: CLA-2004:848
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848
Debian Security Information: DSA-526 (Google Search)
http://www.debian.org/security/2004/dsa-526
http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html
XForce ISS Database: webmin-bypass-security(16333)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16333
Common Vulnerability Exposure (CVE) ID: CVE-2004-0583
BugTraq ID: 10523
http://www.securityfocus.com/bid/10523
Bugtraq: 20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108737059313829&w=2
http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html
XForce ISS Database: webmin-username-password-dos(16334)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16334

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50557
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:074 (webmin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to webmin announced via advisory MDKSA-2004:074. Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. (CVE-2004-0582) The account lockout functionality in Webmin 1.140 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. (CVE-2004-0583) The updated packages are patched to correct the problem. Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0582 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0583 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0582 BugTraq ID: 10474 http://www.securityfocus.com/bid/10474 BugTraq ID: 10522 http://www.securityfocus.com/bid/10522 Bugtraq: 20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108697184602191&w=2 Conectiva Linux advisory: CLA-2004:848 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848 Debian Security Information: DSA-526 (Google Search) http://www.debian.org/security/2004/dsa-526 http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html XForce ISS Database: webmin-bypass-security(16333) https://exchange.xforce.ibmcloud.com/vulnerabilities/16333 Common Vulnerability Exposure (CVE) ID: CVE-2004-0583 BugTraq ID: 10523 http://www.securityfocus.com/bid/10523 Bugtraq: 20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108737059313829&w=2 http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html XForce ISS Database: webmin-username-password-dos(16334) https://exchange.xforce.ibmcloud.com/vulnerabilities/16334
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com