lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri Oct  7 22:53:06 2005
From: security at (Mandriva Security Team)
Subject: MDKSA-2005:176 - Updated webmin package fixes
	authentication bypass vulnerability 

Hash: SHA1


                Mandriva Linux Security Update Advisory

 Package name:           webmin
 Advisory ID:            MDKSA-2005:176
 Date:                   October 7th, 2005

 Affected versions:	 2006.0

 Problem Description: in Webmin 1.220, when "full PAM conversations" is enabled,
 allows remote attackers to bypass authentication by spoofing session
 IDs via certain metacharacters (line feed or carriage return).
 The updated packages have been patched to correct this issues.


 Updated Packages:
 Mandrivalinux 2006.0:
 a848ccbf6344438775ec1304879aef4d  2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm
 bd414e303f86c49a7544a9b8bb99d4a9  2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 c9aa3f93679c4aa22d0d56843315bb13  x86_64/2006.0/RPMS/webmin-1.220-9.1.20060mdk.noarch.rpm
 bd414e303f86c49a7544a9b8bb99d4a9  x86_64/2006.0/SRPMS/webmin-1.220-9.1.20060mdk.src.rpm

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver 0x22458A98

 You can view other update advisories for Mandriva Linux at:

 If you want to report vulnerabilities, please contact


 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

Version: GnuPG v1.2.4 (GNU/Linux)


Powered by blists - more mailing lists