8413083 2002-05-08 14:20 +0900  /56 lines/ snsadv@lac.co.jp <snsadv@lac.co.jp>
Sent by: joel@lysator.liu.se
Imported: 2002-05-08  20:35  by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <22194>
Subject: [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability
------------------------------------------------------------
From: "snsadv@lac.co.jp" <snsadv@lac.co.jp>
To: bugtraq@securityfocus.com
Message-ID: <20020508141236.5D9F.SNSADV@lac.co.jp>

----------------------------------------------------------------------
SNS Advisory No.52
Webmin/Usermin Cross-site Scripting Vulnerability

Problem first discovered: Thu, 2 May 2002
Published: Tue, 7 May 2002
----------------------------------------------------------------------

Overview:
---------
  The authentication page of both Webmin and Usermin is prone to a 
  cross-site scripting vulnerability. 

Problem:
--------
  Webmin is a web-based system administration tool for Unix.  Usermin is 
  a web interface that allows all users on a Unix system to easily receive 
  mail and to perform SSH and mail forwarding configuration.  A potential 
  cross-site scripting vulnerability may occur because the CGI script of 
  the authentication page used by both Webmin and Usermin prints the user's 
  input on the error page. 

  Webmin and Usermin users' session ID cookies cannot be acquired,
  since this problem only occurs when users are not logged into
  these software packages.  However, there is a possibility that the
  cookie of a Web service may be stolen if it is running on the same
  host as Webmin/Usermin.
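
  Why the second paragraph holds, as an added example (not part of the
  original advisory or of Webmin/Usermin code): browsers scope cookies by
  host and path and ignore the port, so a script running in a page on one
  port of a host can read script-visible cookies set by another service on
  that host. The host name, port, path and cookie names are constructed;
  the HttpOnly and Secure attributes come from RFC 6265, not the advisory.

```javascript
// Added example: which cookies can a script in the page at pageUrl read?
// Matching follows RFC 6265: host and path are compared, the port is not.

// RFC 6265 section 5.1.3 domain-match (host names only, no IP handling).
function domainMatches(host, cookie) {
  const domain = cookie.domain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  // Host-only cookies (no Domain attribute) require an exact host match.
  return !cookie.hostOnly && host.endsWith("." + domain);
}

// RFC 6265 section 5.1.4 path-match.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies visible through document.cookie on pageUrl.
function scriptReadableCookies(pageUrl, jar) {
  const page = new URL(pageUrl); // hostname excludes the port
  return jar
    .filter((c) => domainMatches(page.hostname, c))
    .filter((c) => pathMatches(page.pathname, c.path))
    .filter((c) => !c.secure || page.protocol === "https:")
    .filter((c) => !c.httpOnly) // HttpOnly cookies are hidden from scripts
    .map((c) => c.name);
}

// Constructed cookie jar: cookies set by other services (hypothetical names).
const SAMPLE_JAR = [
  { name: "shop_session", domain: "host.example", hostOnly: true, path: "/", secure: false, httpOnly: false },
  { name: "mail_session", domain: "host.example", hostOnly: true, path: "/", secure: false, httpOnly: true },
  { name: "wiki_session", domain: "wiki.host.example", hostOnly: true, path: "/", secure: false, httpOnly: false },
  { name: "sso_token", domain: "host.example", hostOnly: false, path: "/", secure: true, httpOnly: false },
];

// Constructed URL: an admin login page on another port of the same host.
const ADMIN_LOGIN_PAGE = "http://host.example:10000/login";

console.log(scriptReadableCookies(ADMIN_LOGIN_PAGE, SAMPLE_JAR));
```

  A cookie that has to stay out of reach of a script flaw elsewhere on the
  host needs HttpOnly or a separate host name with a host-only cookie.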

Tested Versions:
----------------
  Webmin  Version: 0.960
  Usermin Version: 0.90

Solution:
---------
  This problem can be eliminated by upgrading to Webmin version 0.970 /
  Usermin version 0.910, which are available at the following URL:

  http://www.webmin.com/

Discovered by:
--------------
  Keigo Yamazaki

Disclaimer:
-----------
  All information in these advisories is subject to change without 
  advance notice or mutual consensus, and each advisory is released 
  as is. LAC Co., Ltd. is not responsible for any risks arising 
  from applying this information.