Gentoo Archives: gentoo-announce

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200512-02 ] Webmin, Usermin: Format string vulnerability
Date: Wed, 07 Dec 2005 20:45:54
Message-Id: 200512072119.27098.jaervosz@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200512-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Webmin, Usermin: Format string vulnerability
Date: December 07, 2005
Bugs: #113888
ID: 200512-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Webmin and Usermin are vulnerable to a format string vulnerability
which may lead to the execution of arbitrary code.

Background
==========

Webmin is a web-based interface for Unix-like systems. Usermin is a
simplified version of Webmin designed for use by normal users rather
than system administrators.

Affected packages
=================

-------------------------------------------------------------------
     Package              /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  app-admin/webmin        < 1.250        >= 1.250
  2  app-admin/usermin       < 1.180        >= 1.180
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

Jack Louis discovered that the Webmin and Usermin "miniserv.pl" web
server component is vulnerable to a Perl format string vulnerability.
Login with the supplied username is logged via the Perl "syslog"
facility in an unsafe manner.

Impact
======

A remote attacker can trigger this vulnerability via a specially
crafted username containing format string data. This can be exploited
to consume a large amount of CPU and memory resources on a vulnerable
system, and possibly to execute arbitrary code of the attacker's choice
with the permissions of the user running Webmin.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Webmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/webmin-1.250"

All Usermin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/usermin-1.180"

References
==========

[ 1 ] CVE-2005-3912
      http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912
[ 2 ] Dyad Security Advisory
      http://www.dyadsecurity.com/webmin-0001.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200512-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
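
The unsafe logging pattern named in the Description, shown beside a safe form as an added Perl example (not part of the advisory and not miniserv.pl's own code). `log_line` is a hypothetical stand-in for a syslog-style call whose first argument is a sprintf format; the usernames and the address are constructed samples.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for a syslog-style logger (not Sys::Syslog itself):
# the first argument is treated as a sprintf format, the rest as its values.
# Returns the rendered line and the number of warnings sprintf raised.
sub log_line {
    my ($format, @args) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, @_ };
    my $line = sprintf($format, @args);
    return ($line, scalar @warnings);
}

# Unsafe pattern: untrusted text is interpolated into the format argument,
# so any '%' directive in the username is interpreted by the formatter.
sub log_login_unsafe {
    my ($user, $host) = @_;
    return log_line("Invalid login as $user from $host");
}

# Safe pattern: the format is a constant and untrusted text is passed only
# as data, so it is copied into the log line verbatim.
sub log_login_safe {
    my ($user, $host) = @_;
    return log_line("Invalid login as %s from %s", $user, $host);
}

# Constructed sample usernames; the second contains conversion directives.
for my $user ("alice", "bob%s%d") {
    for my $fn (\&log_login_unsafe, \&log_login_safe) {
        my ($line, $nwarn) = $fn->($user, "192.0.2.10");
        printf "%-45s (sprintf warnings: %d)\n", $line, $nwarn;
    }
}
```

When auditing other Perl code for the same class of bug, look for `syslog`, `printf` and `sprintf` calls whose format argument contains an interpolated variable.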