ID de Prueba:	1.3.6.1.4.1.25623.1.0.52836
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2005-20 (webmin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to webmin announced via advisory TLSA-2005-20. Webmin is a web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems and more using your web browser. Multiple vulnerabilities exist in Webmin: - A script in Usermin allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. - Webmin allows remote attackers to bypass access control rules and gain read access to configuration information for certain modules. - The account lockout functionality in webmin does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. This vulerability may allow attackers to overwrite arbitrary files via a symbolic link attack. The vulnerabilities may allow remote attackers to bypass access control rules. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-20 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0559 BugTraq ID: 11153 http://www.securityfocus.com/bid/11153 http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml http://secunia.com/advisories/12488/ XForce ISS Database: usermin-installation-unspecified(17299) https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 Common Vulnerability Exposure (CVE) ID: CVE-2004-0582 BugTraq ID: 10474 http://www.securityfocus.com/bid/10474 BugTraq ID: 10522 http://www.securityfocus.com/bid/10522 Bugtraq: 20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108697184602191&w=2 Conectiva Linux advisory: CLA-2004:848 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848 Debian Security Information: DSA-526 (Google Search) http://www.debian.org/security/2004/dsa-526 http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html XForce ISS Database: webmin-bypass-security(16333) https://exchange.xforce.ibmcloud.com/vulnerabilities/16333 Common Vulnerability Exposure (CVE) ID: CVE-2004-0583 BugTraq ID: 10523 http://www.securityfocus.com/bid/10523 Bugtraq: 20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108737059313829&w=2 http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html XForce ISS Database: webmin-username-password-dos(16334) https://exchange.xforce.ibmcloud.com/vulnerabilities/16334
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.