CVE-2002-0757

Sažetak

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.

Reference

http://online.securityfocus.com/archive/1/271466
http://www.iss.net/security_center/static/9037.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php
http://www.securityfocus.com/bid/4700

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-09-2008 - 20:28

Objavljeno

12-08-2002 - 04:00