webmin, usermin: remote code execution through PAM authentication
Package(s): | webmin usermin |
CVE #(s): | CAN-2005-3042 |
Created: | September 26, 2005 |
Updated: | October 7, 2005 |
Description: |
Keigo Yamazaki discovered that the miniserv.pl webserver, used in both
Webmin and Usermin, does not properly validate authentication
credentials before sending them to the PAM (Pluggable Authentication
Modules) authentication process. The default configuration shipped with
Gentoo does not enable the "full PAM conversations" option and is
therefore unaffected by this flaw. |