Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 53375 - app-admin/webmin Version 1.150 (Fixed a security hole)
Summary: app-admin/webmin Version 1.150 (Fixed a security hole)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://www.webmin.com/changes-1.150.html
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-08 22:08 UTC by gen2daniel
Modified: 2011-10-30 22:38 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description gen2daniel 2004-06-08 22:08:17 UTC
"Fixed a security hole that allowed any user to view the configuration of any module, even those that they should not have access to.
Fixed a security hole that could allow an attacker to lock valid users by sending a bogus username or password."

Reproducible: Always
Steps to Reproduce:
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-06-09 01:54:26 UTC
eradicator: please bump webmin to 1.150...
Comment 2 Jeremy Huddleston (RETIRED) gentoo-dev 2004-06-12 01:41:34 UTC
ack... I just got email up, so I didn't notice this until now... I don't have a system to test this on at the moment and I won't for a few days still... I will make the ebuild as best I can and put it in package.mask, but someone else needs to test it for me (I don't have any working gentoo system at the moment 'cause I'm migrating from x86 to amd64 on my servers).
Comment 3 Jeremy Huddleston (RETIRED) gentoo-dev 2004-06-12 02:17:18 UTC
ok... actually I was able to test out the ebuild... I forgot webmin doesn't require apache...  I've marked it stable on x86 and amd64.

ppc and sparc need to mark it stable before GLSA can be released.

hppa and s390 should test it as well, but AFAIK these are not tier1 archs that block a GLSA.
Comment 4 Jason Wever (RETIRED) gentoo-dev 2004-06-12 16:16:42 UTC
Stable on sparc.
Comment 5 Luca Barbato gentoo-dev 2004-06-13 09:58:02 UTC
Stable ppc
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-06-15 13:00:56 UTC
Ready for a GLSA.
hppa, ia64 : don't forget to mark stable when you can.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-06-15 14:23:30 UTC
GLSA drafted: security please review.

Also if possible remove old vulnerable ebuilds.
Comment 8 Kurt Lieber (RETIRED) gentoo-dev 2004-06-16 06:31:18 UTC
glsa 200406-12
Comment 9 Guy Martin (RETIRED) gentoo-dev 2004-06-16 06:43:37 UTC
Stable on hppa.