
Bug 53375

Summary: app-admin/webmin Version 1.150 (Fixed a security hole)
Product: Gentoo Security
Reporter: gen2daniel <gen2daniel>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: eradicator, leroutier
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.webmin.com/changes-1.150.html
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description gen2daniel 2004-06-08 22:08:17 UTC
"Fixed a security hole that allowed any user to view the configuration of any module, even those that they should not have access to.
Fixed a security hole that could allow an attacker to lock valid users by sending a bogus username or password."

Reproducible: Always
Steps to Reproduce:
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-06-09 01:54:26 UTC
eradicator: please bump webmin to 1.150...
Comment 2 Jeremy Huddleston (RETIRED) gentoo-dev 2004-06-12 01:41:34 UTC
ack... I just got email up, so I didn't notice this until now... I don't have a system to test this on at the moment and I won't for a few days still... I will make the ebuild as best I can and put it in package.mask, but someone else needs to test it for me (I don't have any working gentoo system at the moment 'cause I'm migrating from x86 to amd64 on my servers).
Comment 3 Jeremy Huddleston (RETIRED) gentoo-dev 2004-06-12 02:17:18 UTC
ok... actually I was able to test out the ebuild... I forgot webmin doesn't require apache...  I've marked it stable on x86 and amd64.

ppc and sparc need to mark it stable before GLSA can be released.

hppa and s390 should test it as well, but AFAIK these are not tier1 archs that block a GLSA.
Comment 4 Jason Wever (RETIRED) gentoo-dev 2004-06-12 16:16:42 UTC
Stable on sparc.
Comment 5 Luca Barbato gentoo-dev 2004-06-13 09:58:02 UTC
Stable ppc
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-06-15 13:00:56 UTC
Ready for a GLSA.
hppa, ia64: don't forget to mark stable when you can.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-06-15 14:23:30 UTC
GLSA drafted: security please review.

Also if possible remove old vulnerable ebuilds.
Comment 8 Kurt Lieber (RETIRED) gentoo-dev 2004-06-16 06:31:18 UTC
glsa 200406-12
Comment 9 Guy Martin (RETIRED) gentoo-dev 2004-06-16 06:43:37 UTC
Stable on hppa.