Back to search
CVE-2003-0101
Published: Feb 26, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-319
vendor-advisory
x_refsource_DEBIAN
http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
x_refsource_CONFIRM
20030224 GLSA: usermin (200302-14)
mailing-list
x_refsource_BUGTRAQ
N-058
third-party-advisory
government-resource
x_refsource_CIAC
8163
third-party-advisory
x_refsource_SECUNIA
MDKSA-2003:025
vendor-advisory
x_refsource_MANDRAKE
HPSBUX0303-250
vendor-advisory
x_refsource_HP
8115
third-party-advisory
x_refsource_SECUNIA
1006160
vdb-entry
x_refsource_SECTRACK
20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
mailing-list
x_refsource_BUGTRAQ
ESA-20030225-006
vendor-advisory
x_refsource_ENGARDE
http://marc.info/?l=webmin-announce&m=104587858408101&w=2
x_refsource_CONFIRM
20030224 Webmin 1.050 - 1.060 remote exploit
mailing-list
x_refsource_BUGTRAQ
http://www.lac.co.jp/security/english/snsadv_e/62_e.html
x_refsource_MISC
webmin-usermin-root-access(11390)
vdb-entry
x_refsource_XF
6915
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now