Gentoo Security Advisory GLSA 200502-12 (Webmin) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200502-12.

Solution

Webmin users should delete any old shared Webmin binary package as soon as possible. They should also consider their buildhost root password potentially exposed and follow proper audit procedures. If you plan to build binary packages, you should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-admin/webmin-1.170-r3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200502-12 http://bugs.gentoo.org/show_bug.cgi?id=77731

Insight

Portage-built Webmin binary packages accidentally include a file containing the local encrypted root password.

Severity

Classification

CVE CVE-2005-0427
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200410-15 (squid)
Gentoo Security Advisory GLSA 200311-05 (Ethereal)
Gentoo Security Advisory GLSA 200501-16 (Konqueror, kde, kdelibs)
Gentoo Security Advisory GLSA 200403-03 (OpenSSL)
Gentoo Security Advisory GLSA 200401-02 (honeyd)

Take action and discover your vulnerabilities