CVE-2005-3042
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.025 Low
EPSS
Percentile
90.2%
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when “full PAM conversations” is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
Affected configurations
References
archives.neohapsis.com/archives/bugtraq/2005-09/0257.html
jvn.jp/jp/JVN%2340940493/index.html
secunia.com/advisories/16858
secunia.com/advisories/17282
securityreason.com/securityalert/17
www.gentoo.org/security/en/glsa/glsa-200509-17.xml
www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html
www.mandriva.com/security/advisories?name=MDKSA-2005:176
www.novell.com/linux/security/advisories/2005_24_sr.html
www.osvdb.org/19575
www.securityfocus.com/bid/14889
www.vupen.com/english/advisories/2005/1791
www.webmin.com/changes-1.230.html
www.webmin.com/uchanges-1.160.html
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.025 Low
EPSS
Percentile
90.2%