[email protected]CVE-2005-3042

HistorySep 22, 2005 - 10:03 a.m.

CVE-2005-3042

2005-09-2210:03:00

[email protected]

web.nvd.nist.gov

cve

2005

3042

miniserv.pl

webmin

usermin

authentication bypass

metacharacters

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.1%

JSON

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when “full PAM conversations” is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

Affected configurations

NVD

Node

userminuserminMatch1.150

webminwebminMatch1.2.20

CPENameOperatorVersion
usermin:userminusermineq1.150
webmin:webminwebmineq1.2.20

CPE	Name	Operator	Version
usermin:usermin	usermin	eq	1.150
webmin:webmin	webmin	eq	1.2.20

References

archives.neohapsis.com/archives/bugtraq/2005-09/0257.html

jvn.jp/jp/JVN%2340940493/index.html

secunia.com/advisories/16858

secunia.com/advisories/17282

securityreason.com/securityalert/17

www.gentoo.org/security/en/glsa/glsa-200509-17.xml

www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html

www.mandriva.com/security/advisories?name=MDKSA-2005:176

www.novell.com/linux/security/advisories/2005_24_sr.html

www.osvdb.org/19575

www.securityfocus.com/bid/14889

www.vupen.com/english/advisories/2005/1791

www.webmin.com/changes-1.230.html

www.webmin.com/uchanges-1.160.html

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.1%

JSON

Related for CVE-2005-3042

nessus3 jvn1 openvas2 cvelist1 ubuntucve1 gentoo1 nvd1