Gentoo Security Advisory GLSA 200608-11 (webmin/usermin) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200608-11.

Solution

All Webmin users should update to the latest stable version: # emerge --sync # emerge --ask --verbose --oneshot '>=app-admin/webmin-1.290' All Usermin users should update to the latest stable version: # emerge --sync # emerge --ask --verbose --oneshot '>=app-admin/usermin-1.220' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-11 http://bugs.gentoo.org/show_bug.cgi?id=138552

Insight

Webmin and Usermin are vulnerable to an arbitrary file disclosure through a specially crafted URL.

Severity

Classification

CVE CVE-2006-3392
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200404-13 (cvs)
Gentoo Security Advisory GLSA 200406-04 (mailman)
Gentoo Security Advisory GLSA 200312-08 (cvs)
Gentoo Security Advisory GLSA 200411-03 (apache)
Gentoo Security Advisory GLSA 200412-27 (PHProjekt)

Take action and discover your vulnerabilities