Mandrake Local Security Checks : Mandriva Update for webmin MDVSA-2011:109 (webmin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831418

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for webmin MDVSA-2011:109 (webmin)

Resumen: The remote host is missing an update for the 'webmin'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'webmin'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was discovered and corrected in webmin:

Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier
allows local users to inject arbitrary web script or HTML via a
chfn command that changes the real (aka Full Name) field, related to
useradmin/index.cgi and useradmin/user-lib.pl (CVE-2011-1937).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been upgraded to the 1.550 version which
is not vulnerable to this issue.

Affected Software/OS:
webmin on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1937
BugTraq ID: 47558
http://www.securityfocus.com/bid/47558
Bugtraq: 20110424 XSS in Webmin 1.540 + exploit for privilege escalation (Google Search)
http://www.securityfocus.com/archive/1/517658
http://www.mandriva.com/security/advisories?name=MDVSA-2011:109
http://javierb.com.ar/2011/04/24/xss-webmin-1-540/
http://www.youtube.com/watch?v=CUO7JLIGUf0
http://openwall.com/lists/oss-security/2011/05/22/1
http://openwall.com/lists/oss-security/2011/05/24/7
http://securitytracker.com/id?1025438
http://securityreason.com/securityalert/8264

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831418
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for webmin MDVSA-2011:109 (webmin)
Resumen:	The remote host is missing an update for the 'webmin'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'webmin' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was discovered and corrected in webmin: Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl (CVE-2011-1937). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been upgraded to the 1.550 version which is not vulnerable to this issue. Affected Software/OS: webmin on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1937 BugTraq ID: 47558 http://www.securityfocus.com/bid/47558 Bugtraq: 20110424 XSS in Webmin 1.540 + exploit for privilege escalation (Google Search) http://www.securityfocus.com/archive/1/517658 http://www.mandriva.com/security/advisories?name=MDVSA-2011:109 http://javierb.com.ar/2011/04/24/xss-webmin-1-540/ http://www.youtube.com/watch?v=CUO7JLIGUf0 http://openwall.com/lists/oss-security/2011/05/22/1 http://openwall.com/lists/oss-security/2011/05/24/7 http://securitytracker.com/id?1025438 http://securityreason.com/securityalert/8264
Copyright	Copyright (C) 2011 Greenbone AG