CVE-2005-3042
CVE-2005-3042
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.htmlhttp://jvn.jp/jp/JVN%2340940493/index.htmlhttp://secunia.com/advisories/16858http://secunia.com/advisories/17282http://securityreason.com/securityalert/17http://www.gentoo.org/security/en/glsa/glsa-200509-17.xmlhttp://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:176http://www.novell.com/linux/security/advisories/2005_24_sr.htmlhttp://www.osvdb.org/19575http://www.securityfocus.com/bid/14889http://www.vupen.com/english/advisories/2005/1791