Back to search
CVE-2005-3912
Published: Nov 30, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.webmin.com/security.html
x_refsource_CONFIRM
17749
third-party-advisory
x_refsource_SECUNIA
GLSA-200512-02
vendor-advisory
x_refsource_GENTOO
[Dailydave] 20051129 Webmin miniserv.pl format string vulnerability
mailing-list
x_refsource_MLIST
DSA-1199
vendor-advisory
x_refsource_DEBIAN
http://www.webmin.com/changes-1.250.html
x_refsource_CONFIRM
18101
third-party-advisory
x_refsource_SECUNIA
ADV-2005-2660
vdb-entry
x_refsource_VUPEN
SUSE-SR:2005:030
vendor-advisory
x_refsource_SUSE
17878
third-party-advisory
x_refsource_SECUNIA
http://www.dyadsecurity.com/webmin-0001.html
x_refsource_MISC
20051129 Webmin miniserv.pl format string vulnerability
mailing-list
x_refsource_BUGTRAQ
http://www.webmin.com/uchanges-1.180.html
x_refsource_CONFIRM
22556
third-party-advisory
x_refsource_SECUNIA
MDKSA-2005:223
vendor-advisory
x_refsource_MANDRIVA
17942
third-party-advisory
x_refsource_SECUNIA
17817
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now