OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: snsadvlac.co.jp
Date: Wed May 08 2002 - 00:20:26 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ----------------------------------------------------------------------
    SNS Advisory No.52
    Webmin/Usermin Cross-site Scripting Vulnerability

    Problem first discovered: Thu, 2 May 2002
    Published: Tue, 7 May 2002
    ----------------------------------------------------------------------

    Overview:
    ---------
      The authentication page of both Webmin and Usermin is prone to a
      cross-site scripting vulnerability.

    Problem:
    --------
      Webmin is a web-based system administration tool for Unix. Usermin is
      a web interface that allows all users on a Unix system to easily receive
      mails and to perform SSH and mail forwarding configuration. A potential
      cross-site scripting vulnerability may occur because the CGI script of
      the authentication page used by both Webmin and Usermin, prints user's
      input on the error page.

      Webmin and Usermin users'session ID cookies cannot be acquired, since this
      problem only occurs when users are not logged into these software packages.
      However, there is a possibility that the cookie of a Web service may be
      stolen if it is running on the same host as of Webmin/Usermin.

    Tested Versions:
    ----------------
      Webmin Version: 0.960
      Usermin Version: 0.90

    対策:
    Solution:
    ---------
      This problem can be eliminated by upgrading to Webmin version 0.970
      /Usermin version 0.910, which are available at the following URL:

      http://www.webmin.com/

    Discovered by:
    --------------
      Keigo Yamazaki

    Disclaimer:
    -----------
      All information in these advisories are subject to change without any
      advanced notices neither mutual consensus, and each of them is released
      as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
      caused by applying those information.