CERTA-2005-AVI-478

Vulnerability from certfr_avis - Published: 2005-12-02 - Updated: 2006-02-20

None

Description

Webmin est une interface d'administration Unix basée sur le web. Usermin est un dérivé de Webmin destiné aux utilisateurs, leur permettant notamment de consulter leur messagerie.

Une vulnérabilité a été découverte dans Webmin/Usermin lors de la journalisation avec syslog. Un utilisateur mal intentionné peut, lors de la phase d'authentification, en fournissant un nom d'utilisateur habilement constitué, réaliser un déni de service sur le serveur.

Solution

Mettre à jour Webmin/Usermin (voir section Documentation).

None
Impacted products
Vendor Product Description
N/A N/A Usermin versions antérieures à 1.180.
N/A N/A Webmin versions antérieures à 1.250 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Usermin versions ant\u00e9rieures \u00e0 1.180.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Webmin versions ant\u00e9rieures \u00e0 1.250 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nWebmin est une interface d\u0027administration Unix bas\u00e9e sur le web. Usermin\nest un d\u00e9riv\u00e9 de Webmin destin\u00e9 aux utilisateurs, leur permettant\nnotamment de consulter leur messagerie.\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Webmin/Usermin lors de la\njournalisation avec syslog. Un utilisateur mal intentionn\u00e9 peut, lors de\nla phase d\u0027authentification, en fournissant un nom d\u0027utilisateur\nhabilement constitu\u00e9, r\u00e9aliser un d\u00e9ni de service sur le serveur.\n\n## Solution\n\nMettre \u00e0 jour Webmin/Usermin (voir section Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-12-02T00:00:00",
  "last_revision_date": "2006-02-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 15 f\u00e9vrier 2006 :",
      "url": "http://www.vuxml.org/freebsd/pkg-webmin.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2005:223 du 02 d\u00e9cembre    2005 :",
      "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:223"
    },
    {
      "title": "Page recensant les probl\u00e8mes de s\u00e9curit\u00e9 sur le site de    Webmin :",
      "url": "http://www.webmin.com/security.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 DYAD Security du 29 novembre 2005 :",
      "url": "http://www.dyadsecurity.com/webmin-0001.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SR:2005:030 du 16 d\u00e9cembre    2005 :",
      "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200512-02 du 07 d\u00e9cembre    2005 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml"
    }
  ],
  "reference": "CERTA-2005-AVI-478",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-12-02T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandriva.",
      "revision_date": "2005-12-05T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo et DYAD Security.",
      "revision_date": "2005-12-08T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 SUSE.",
      "revision_date": "2005-12-21T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 FreeBSD.",
      "revision_date": "2006-02-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans Webmin/Usermin",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Site de Webmin",
      "url": "http://www.webmin.com"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.