Published: 2005/09/20 Last Updated: 2008/05/21
JVN#40940493
Webmin and Usermin authentication bypass vulnerability
Overview
Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.
Products Affected
- Webmin Version 1.200 - 1.220
- Usermin Version 1.130 - 1.160
Description
Impact
A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command with root privileges.
Solution
Vendor Status
Vendor | Link |
webmin | Security Alerts |
References
- LAC SNS Advisory No.83
  Webmin/Usermin PAM Authentication Bypass Vulnerability
- Japan Webmin Users Group
  http://jp.webmin.com/modules/news/article.php?storyid=8
JPCERT/CC Addendum
Credit
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2005-3042 |
JVN iPedia | JVNDB-2005-000537 |