Login
Newsletter
Werbung

Sicherheit: Fehlerhafte Zugangskontrolle in webmin
Aktuelle Meldungen Distributionen
Name: Fehlerhafte Zugangskontrolle in webmin
ID: CSSA-2003-035.0
Distribution: SCO OpenLinux
Plattformen: SCO OpenLinux 3.1.1 Server, SCO OpenLinux 3.1.1 Workstation
Datum: Di, 18. November 2003, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0101
Applikationen: Usermin

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

SCO Security Advisory

Subject: OpenLinux: Webmin/Usermin Session ID Spoofing Vulnerability
Advisory number: CSSA-2003-035.0
Issue date: 2003 November 17
Cross reference: sr882687 fz528142 erg712377 CAN-2003-0101
______________________________________________________________________________


1. Problem Description

Webmin is a web-based system administration tool for Unix. Usermin
is a web interface that allows all users on a Unix system to
easily receive mails and to perform SSH and mail forwarding
configuration.

Internal communication between the parent process and the child
process using named pipes occur in these software packages during
creation or verification of a session ID, or during the setting
process of password timeouts. Because the control characters
contained in the data passed as authentication information are
not eliminated, it is possible to make Webmin and Usermin to
acknowledge the combination of any user and session ID specified
by an attacker. If the attacker could log into Webmin by using this
problem, there is a possibility that arbitrary commands may be
executed with root privileges.

The Common Vulnerabilities and Exposures (CVE) project has
assigned the name CAN-2003-0101 to this issue. This is a
candidate for inclusion in the CVE list (http://cve.mitre.org),
which standardizes names for security problems.

CAN-2003-0101 miniserv.pl in Webmin before 1.070 and Usermin before
1.000 does not properly handle metacharacters such as line feeds and
carriage returns (CRLF) in Base-64 encoded strings during Basic
authentication, which allows remote attackers to spoof a session ID
and gain root privileges.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to webmin-0.89-12.i386.rpm
OpenLinux 3.1.1 Workstation prior to webmin-0.89-12.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-035.0/RPMS

4.2 Packages

859d9998141394dc96f338087633814b webmin-0.89-12.i386.rpm

4.3 Installation

rpm -Fvh webmin-0.89-12.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-035.0/SRPMS

4.5 Source Packages

81c76fa65b710248c8108ea17740d88d webmin-0.89-12.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-035.0/RPMS

5.2 Packages

2c9048c8c623a9268b5233766890ea1c webmin-0.89-12.i386.rpm

5.3 Installation

rpm -Fvh webmin-0.89-12.i386.rpm

5.4 Source Package Location

SRPMS

5.5 Source Packages

cda66a1795a1a3914041ae920a245381 webmin-0.89-12.src.rpm


6. References

Specific references for this advisory:
http://www.lac.co.jp/security/english/snsadv_e/53_e.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0101


SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr882687 fz528142 erg712377.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


8. Acknowledgements

SCO would like to thank Keigo Yamazaki and Jamie Cameron for
reporting this issue.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/uT+LbluZssSXDTERAtbcAJ9uRJYy8bBK11z9OStcBEzGSh1wggCfXC+w
nARQfC+cEIpatb0lNeChuDA=
=BAVd
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten
Werbung