CVE-2005-3042

critical

Description

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

References

http://www.webmin.com/uchanges-1.160.html

http://www.webmin.com/changes-1.230.html

http://www.vupen.com/english/advisories/2005/1791

http://www.securityfocus.com/bid/14889

http://www.osvdb.org/19575

http://www.novell.com/linux/security/advisories/2005_24_sr.html

http://www.mandriva.com/security/advisories?name=MDKSA-2005:176

http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html

http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml

http://securityreason.com/securityalert/17

http://secunia.com/advisories/17282

http://secunia.com/advisories/16858

http://jvn.jp/jp/JVN%2340940493/index.html

http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html

Details

Source: Mitre, NVD

Published: 2005-09-22

Updated: 2011-03-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Detections

Analytics