Message-ID: <20030110104221.K18857@sco.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2003-002.0] Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities
To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities
Advisory number: CSSA-2003-002.0
Issue date: 2003 January 09
Cross reference:
______________________________________________________________________________
1. Problem Description
From the CVE database:
Cross-site scripting vulnerability in the authentication page
for webmin allows remote attackers to insert script into an
error page and possibly steal cookies.
Webmin with password timeouts enabled allows local (and
possibly remote) attackers to bypass authentication and gain
privileges via certain control characters in the
authentication information, which can force webmin to accept
arbitrary username/session ID combinations.
2. Vulnerable Supported Versions
System                         Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server         prior to webmin-0.89-11.i386.rpm
OpenLinux 3.1.1 Workstation    prior to webmin-0.89-11.i386.rpm
OpenLinux 3.1 Server           prior to webmin-0.89-11.i386.rpm
OpenLinux 3.1 Workstation      prior to webmin-0.89-11.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-002.0/RPMS
4.2 Packages
3026e74f0dfaf25d908ccec688a314e2 webmin-0.89-11.i386.rpm
4.3 Installation
rpm -Fvh webmin-0.89-11.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-002.0/SRPMS
4.5 Source Packages
8f747fcb86d3e0461e5a3b94e1146f0b webmin-0.89-11.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-002.0/RPMS
5.2 Packages
7f8f3ce6e7924dc37dda93f055673133 webmin-0.89-11.i386.rpm
5.3 Installation
rpm -Fvh webmin-0.89-11.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-002.0/SRPMS
5.5 Source Packages
19ae473fe6f97850aa82c433f4c1067b webmin-0.89-11.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-002.0/RPMS
6.2 Packages
00d70a606a93cb9f2918f5fcfd2e5b06 webmin-0.89-11.i386.rpm
6.3 Installation
rpm -Fvh webmin-0.89-11.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-002.0/SRPMS
6.5 Source Packages
77fac0e2fff9398a5f8c03d42fc069b8 webmin-0.89-11.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-002.0/RPMS
7.2 Packages
2cf9af671080810d2cb0c6e45a860755 webmin-0.89-11.i386.rpm
7.3 Installation
rpm -Fvh webmin-0.89-11.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-002.0/SRPMS
7.5 Source Packages
1932376f68438264e54a1dee7bbd5dff webmin-0.89-11.src.rpm
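Added example (not part of the SCO advisory): a shell helper that checks a downloaded binary package against the value listed under "Packages" for its platform and runs rpm -Fvh only when it matches. It assumes the 32-hex-digit values above are MD5 digests and that md5sum is installed; the platform labels and function names are made up for this example.

```shell
#!/bin/sh
# Verify webmin-0.89-11.i386.rpm against CSSA-2003-002.0 before installing.
# Assumption: the advisory's 32-hex-digit package values are MD5 digests.
# A match only ties the file to the advisory text; it is as trustworthy
# as the copy of the advisory the value was taken from.

# expected_md5 PLATFORM: print the advisory's digest for the binary RPM.
# PLATFORM labels are hypothetical names chosen for this example.
expected_md5() {
    case "$1" in
        3.1.1-Server)      echo 3026e74f0dfaf25d908ccec688a314e2 ;;
        3.1.1-Workstation) echo 7f8f3ce6e7924dc37dda93f055673133 ;;
        3.1-Server)        echo 00d70a606a93cb9f2918f5fcfd2e5b06 ;;
        3.1-Workstation)   echo 2cf9af671080810d2cb0c6e45a860755 ;;
        *) return 1 ;;
    esac
}

# verify_md5 FILE DIGEST: return 0 only if FILE hashes to DIGEST.
# Reads the file on stdin so an odd file name cannot alter md5sum's output.
verify_md5() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    vm_actual=$(md5sum < "$1" | cut -d' ' -f1)
    vm_wanted=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ "$vm_actual" = "$vm_wanted" ]
}

# install_verified PLATFORM FILE: freshen the package only on a match.
# Returns 2 for an unknown platform, 1 for a mismatch or unreadable file.
install_verified() {
    iv_digest=$(expected_md5 "$1") || {
        echo "unknown platform: $1" >&2
        return 2
    }
    if verify_md5 "$2" "$iv_digest"; then
        rpm -Fvh "$2"
    else
        echo "checksum mismatch for $2; not installing" >&2
        return 1
    fi
}

# Example: sh verify-webmin.sh 3.1.1-Server webmin-0.89-11.i386.rpm
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```

The four platforms ship different builds under the same file name, so the platform argument matters: a Workstation package will fail the Server check.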
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0757
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr863988, fz520909,
erg501606.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
10. Acknowledgements
Keigo Yamazaki (LAC Co.,Ltd) discovered and researched this
vulnerability.
______________________________________________________________________________