First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 181385
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Pierre-Yves Rofes <py@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 181385 depends on: Show dependency tree
Bug 181385 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-06-09 08:25 0000 
Some vulnerabilities have been reported in Webmin, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Input passed to unspecified parameters in pam_login.cgi is not properly
sanitised before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context of an
affected site.

The vulnerabilities are reported in version 1.340. Prior versions may also be
affected.

Solution:
Update to version 1.350.

Provided and/or discovered by:
Reported by the vendor.

------- Comment #1 From Pierre-Yves Rofes 2007-06-09 08:28:32 0000 ------- 
Setting status and cc'ing maintainer. please advise and bump as necessary.

------- Comment #2 From Jakub Moc (RETIRED) 2007-06-09 08:38:33 0000 ------- 
*** Bug 180607 has been marked as a duplicate of this bug. ***

------- Comment #3 From Jakub Moc (RETIRED) 2007-06-09 08:48:08 0000 ------- 
beu's being retired... I'm adding armin76 to CC, since he did the last security
bump.

------- Comment #4 From Raúl Porcel 2007-06-09 14:23:07 0000 ------- 
1.350 in the tree

------- Comment #5 From Pierre-Yves Rofes 2007-06-09 17:04:58 0000 ------- 
Thanks Raul.
Arches, please test and mark stable. Target keywords are:
webmin-1.350.ebuild:KEYWORDS="alpha amd64 arm hppa ppc ppc64 s390 sh sparc x86"

------- Comment #6 From Markus Rothe 2007-06-09 17:46:53 0000 ------- 
ppc64 stable

------- Comment #7 From Jeroen Roovers 2007-06-09 22:25:22 0000 ------- 
Stable for HPPA.

------- Comment #8 From Raúl Porcel 2007-06-10 13:49:35 0000 ------- 
alpha/x86 stable

------- Comment #9 From Tobias Scherbaum 2007-06-10 14:38:20 0000 ------- 
ppc stable

------- Comment #10 From Gustavo Zacarias (RETIRED) 2007-06-11 13:03:16 0000 ------- 
sparc stable.

------- Comment #11 From Christoph Mende 2007-06-12 23:21:17 0000 ------- 
amd64 done

------- Comment #12 From Sune Kloppenborg Jeppesen 2007-06-13 18:58:37 0000 ------- 
I tend to vote YES.

------- Comment #13 From Pierre-Yves Rofes 2007-06-20 08:27:46 0000 ------- 
I tend to vote yes too.

------- Comment #14 From Raphael Marichez 2007-06-25 16:25:18 0000 ------- 
In order to stealth (and use) the victim's cookies, an attacker has to:
- have access to the webmin interface (which i think is highly insecure)
- bring the victim to a crafted, malicious URL.

Usually i vote no, but given that a webmin credentials compromise is likely to
lead to a complete system compromise, i will vote yes. I still think running
webmin over internet is silly.

------- Comment #15 From Raphael Marichez 2007-06-25 16:45:03 0000 ------- 
usermin is certainly affected too, since the pam_login.cgi file is exactly the
same one.
(between vulnerable webmin-1.340 and usermin-1.270)

Raul could you handle this (patch or bump as necessary), thanks in advance.

------- Comment #16 From Raúl Porcel 2007-06-25 17:02:59 0000 ------- 
app-admin/usermin-1.280 in the tree

------- Comment #17 From Pierre-Yves Rofes 2007-06-25 17:31:39 0000 ------- 
Thx Raul.
Arches, please test and mark stable usermin-1.280. Target keywords are:
usermin-1.280:KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"

------- Comment #18 From René Nussbaumer 2007-06-25 17:44:32 0000 ------- 
hppa done.

------- Comment #19 From Raúl Porcel 2007-06-25 17:56:15 0000 ------- 
alpha/x86 stable

------- Comment #20 From Christoph Mende 2007-06-25 18:51:13 0000 ------- 
amd64 done

------- Comment #21 From Gustavo Zacarias (RETIRED) 2007-06-25 21:06:29 0000 ------- 
sparc stable.

------- Comment #22 From Markus Rothe 2007-06-27 07:27:16 0000 ------- 
ppc64 stable

------- Comment #23 From Tobias Scherbaum 2007-06-28 18:43:46 0000 ------- 
ppc stable, ready for glsa voting.

------- Comment #24 From Pierre-Yves Rofes 2007-06-29 13:33:47 0000 ------- 
thanks Tobias, but we already voted previously :)

------- Comment #25 From Tobias Scherbaum 2007-06-29 14:45:11 0000 ------- 
(In reply to comment #24)
> thanks Tobias, but we already voted previously :)
> 

nevermind then :P

------- Comment #26 From Raphael Marichez 2007-07-06 09:10:55 0000 ------- 
GLSA 200707-05
First Last Prev Next    No search results available      Search page      Enter new bug