Bugtraq mailing list archives

Security Update: [CSSA-2003-002.0] Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities


From: security () caldera com
Date: Fri, 10 Jan 2003 10:42:21 -0800

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure () lists netsys com

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities 
Advisory number:        CSSA-2003-002.0
Issue date:             2003 January 09
Cross reference:
______________________________________________________________________________


1. Problem Description

        From the CVE database:

        Cross-site scripting vulnerability in the authentication page
        for webmin allows remote attackers to insert script into an
        error page and possibly steal cookies.

        Webmin with password timeouts enabled allows local (and
        possibly remote) attackers to bypass authentication and gain
        privileges via certain control characters in the
        authentication information, which can force webmin to accept
        arbitrary username/session ID combinations.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to webmin-0.89-11.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to webmin-0.89-11.i386.rpm

        OpenLinux 3.1 Server            prior to webmin-0.89-11.i386.rpm

        OpenLinux 3.1 Workstation       prior to webmin-0.89-11.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-002.0/RPMS

        4.2 Packages

        3026e74f0dfaf25d908ccec688a314e2        webmin-0.89-11.i386.rpm

        4.3 Installation

        rpm -Fvh webmin-0.89-11.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-002.0/SRPMS

        4.5 Source Packages

        8f747fcb86d3e0461e5a3b94e1146f0b        webmin-0.89-11.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-002.0/RPMS

        5.2 Packages

        7f8f3ce6e7924dc37dda93f055673133        webmin-0.89-11.i386.rpm

        5.3 Installation

        rpm -Fvh webmin-0.89-11.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-002.0/SRPMS

        5.5 Source Packages

        19ae473fe6f97850aa82c433f4c1067b        webmin-0.89-11.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-002.0/RPMS

        6.2 Packages

        00d70a606a93cb9f2918f5fcfd2e5b06        webmin-0.89-11.i386.rpm

        6.3 Installation

        rpm -Fvh webmin-0.89-11.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-002.0/SRPMS

        6.5 Source Packages

        77fac0e2fff9398a5f8c03d42fc069b8        webmin-0.89-11.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-002.0/RPMS

        7.2 Packages

        2cf9af671080810d2cb0c6e45a860755        webmin-0.89-11.i386.rpm

        7.3 Installation

        rpm -Fvh webmin-0.89-11.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-002.0/SRPMS

        7.5 Source Packages

        1932376f68438264e54a1dee7bbd5dff        webmin-0.89-11.src.rpm
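
Sections 4 to 7 list the same file name, webmin-0.89-11.i386.rpm, with a different MD5 for each platform, so a download should be checked against the value for its own platform before rpm -Fvh is run. The script below is an added example, not part of the SCO advisory; the function names and platform keys are its own, and the checksums are copied from sections 4.2, 5.2, 6.2 and 7.2.

```shell
#!/bin/sh
# Added example (not from the advisory): verify the binary package against
# the MD5 this advisory lists for the chosen platform, then freshen it.
# MD5 catches a corrupted or wrong-platform download; it is not
# collision-resistant, so it is an integrity check only.
# usage: sh verify-webmin.sh 3.1.1-server webmin-0.89-11.i386.rpm

# Expected MD5 per platform (keys are this example's own naming).
expected_md5() {
    case "$1" in
        3.1.1-server)      echo 3026e74f0dfaf25d908ccec688a314e2 ;;
        3.1.1-workstation) echo 7f8f3ce6e7924dc37dda93f055673133 ;;
        3.1-server)        echo 00d70a606a93cb9f2918f5fcfd2e5b06 ;;
        3.1-workstation)   echo 2cf9af671080810d2cb0c6e45a860755 ;;
        *) return 1 ;;
    esac
}

# Print the lowercase MD5 digest of a file.
file_md5() {
    md5sum "$1" | awk '{print tolower($1)}'
}

# verify_pkg PLATFORM FILE
# Returns 0 on match, 1 on mismatch, 2 on unknown platform or unreadable file.
verify_pkg() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    want=$(expected_md5 "$1") || { echo "unknown platform: $1" >&2; return 2; }
    got=$(file_md5 "$2")
    if [ "$got" != "$want" ]; then
        echo "MD5 mismatch for $2 ($1): got $got, advisory lists $want" >&2
        return 1
    fi
}

# Install only when the checksum matches; rpm -Fvh is the advisory's command.
install_update() {
    verify_pkg "$1" "$2" && rpm -Fvh "$2"
}

# Run only when called with PLATFORM and FILE arguments.
if [ $# -eq 2 ]; then
    install_update "$1" "$2"
fi
```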


8. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0756
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0757

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr863988, fz520909,
        erg501606.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


10. Acknowledgements

        Keigo Yamazaki (LAC Co.,Ltd) discovered and researched this
        vulnerability.

______________________________________________________________________________
