Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2005-223.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Mandrake Linux Security Advisory : webmin (MDKSA-2005:223)

2006-01-1500:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
9
JSON

Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:223. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20454);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-3912");
  script_xref(name:"MDKSA", value:"2005:223");

  script_name(english:"Mandrake Linux Security Advisory : webmin (MDKSA-2005:223)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Jack Louis discovered a format string vulnerability in miniserv.pl
Perl web server in Webmin before 1.250 and Usermin before 1.180, with
syslog logging enabled. This can allow remote attackers to cause a
denial of service (crash or memory consumption) and possibly execute
arbitrary code via format string specifiers in the username parameter
to the login form, which is ultimately used in a syslog call."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected webmin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:webmin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", reference:"webmin-1.150-3.2.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"webmin-1.150-3.2.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"webmin-1.180-1.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"webmin-1.180-1.2.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", reference:"webmin-1.220-9.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"webmin-1.220-9.2.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxwebminp-cpe:/a:mandriva:linux:webmin
mandrakesoftmandrake_linux10.1cpe:/o:mandrakesoft:mandrake_linux:10.1
mandrivalinux2006cpe:/o:mandriva:linux:2006
mandrakesoftmandrake_linuxle2005x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Related

ubuntucve 1
gentoo 1
openvas 6
cve 1
nessus 9
canvas 1
seebug 1
freebsd 1
osv 1
debian 2
ubuntucve
ubuntucve
CVE-2005-3912
2005-11-30 00:00:00
gentoo
gentoo
Webmin, Usermin: Format string vulnerability
2005-12-07 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200512-02 (webmin usermin)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200512-02 (webmin usermin)
2008-09-24 00:00:00
FreeBSD Ports: perl
2008-09-04 00:00:00
cve
cve
CVE-2005-3912
2005-11-30 11:03:00
nessus
nessus
GLSA-200512-02 : Webmin, Usermin: Format string vulnerability
2005-12-08 00:00:00
Webmin < 1.250 miniserv.pl Remote Code Execution
2018-03-22 00:00:00
Webmin 'miniserv.pl' 'username' Parameter Format String
2005-12-26 00:00:00
canvas
canvas
Immunity Canvas: WEBMIN
2005-11-30 11:03:00
seebug
seebug
Perlζ ΌεΌδΈ²ε€„η†ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2006-11-30 00:00:00
freebsd
freebsd
perl, webmin, usermin -- perl format string integer wrap vulnerability
2005-09-23 00:00:00
osv
osv
webmin
2006-10-23 00:00:00
debian
debian
[SECURITY] [DSA 1199-1] New webmin packages fix input validation problems
2006-10-24 01:10:44
[SECURITY] [DSA 1199-1] New webmin packages fix input validation problems
2006-10-24 01:10:44
JSON
Related for MANDRAKE_MDKSA-2005-223.NASL
ubuntucve1gentoo1openvas6cve1nessus9canvas1seebug1freebsd1osv1debian2