From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200608-11.xml | 74 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 metadata/glsa/glsa-200608-11.xml (limited to 'metadata/glsa/glsa-200608-11.xml') diff --git a/metadata/glsa/glsa-200608-11.xml b/metadata/glsa/glsa-200608-11.xml new file mode 100644 index 000000000000..54d14393cb7e --- /dev/null +++ b/metadata/glsa/glsa-200608-11.xml @@ -0,0 +1,74 @@ + + + + Webmin, Usermin: File Disclosure + + Webmin and Usermin are vulnerable to an arbitrary file disclosure through a + specially crafted URL. + + webmin/usermin + 2006-08-06 + 2006-08-06: 01 + 138552 + remote + + + 1.290 + 1.290 + + + 1.220 + 1.220 + + + +

+ Webmin is a web-based interface for Unix-like systems. Usermin is a + simplified version of Webmin designed for use by normal users rather + than system administrators. +

+ + +

+ A vulnerability in both Webmin and Usermin has been discovered by Kenny + Chen, wherein simplify_path is called before the HTML is decoded. +

+ + +

+ A non-authenticated user can read any file on the server using a + specially crafted URL. +

+ + +

+ For a temporary workaround, IP Access Control can be setup on Webmin + and Usermin. +

+ + +

+ All Webmin users should update to the latest stable version: +

+ + # emerge --sync + # emerge --ask --verbose --oneshot ">=app-admin/webmin-1.290" +

+ All Usermin users should update to the latest stable version: +

+ + # emerge --sync + # emerge --ask --verbose --oneshot ">=app-admin/usermin-1.220" + + + CVE-2006-3392 + + + + + koon + + + hlieberman + + -- cgit v1.2.3