CVE-2003-0101 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2003-0101
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2003-0101

Description: miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.

CVE Status: Candidate

References: XF http://www.iss.net/security_center/static/11390.php ST 1006160 SGI SAID Secunia Advisory: SA8115 Secunia Advisory: SA8163 MISC http://www.lac.co.jp/security/english/snsadv_e/62_e.html MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2003:025 HP http://archives.neohapsis.com/archives/hp/2003-q1/0063.html ENGARDE http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html DEBIAN http://www.debian.org/security/2003/dsa-319 CONFIRM http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2 http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html CIAC http://www.ciac.org/ciac/bulletins/n-058.shtml BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=104610245624895&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=104610336226274&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=104610300325629&w=2 BID 6915

Return to the previous page.