CVE-2005-3042

Published: Sep 22, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

16858

third-party-advisory

x_refsource_SECUNIA

17282

third-party-advisory

x_refsource_SECUNIA

GLSA-200509-17

vendor-advisory

x_refsource_GENTOO

19575

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SREASON

14889

vdb-entry

x_refsource_BID

ADV-2005-1791

vdb-entry

x_refsource_VUPEN

http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html

x_refsource_MISC

MDKSA-2005:176

vendor-advisory

x_refsource_MANDRIVA

SUSE-SR:2005:024

vendor-advisory

x_refsource_SUSE

20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.webmin.com/changes-1.230.html

x_refsource_CONFIRM

JVN#40940493

third-party-advisory

x_refsource_JVN

http://www.webmin.com/uchanges-1.160.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2005-3042

Description

Affected Products

References