From security@caldera.com Fri Jan 10 16:04:45 2003
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
    security-alerts@linuxsecurity.com, full-disclosure@lists.netsys.com
Date: Fri, 10 Jan 2003 10:42:21 -0800
Reply-To: please_reply_to_security@caldera.com
Subject: [Full-Disclosure] Security Update: [CSSA-2003-002.0] Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities
Advisory number:        CSSA-2003-002.0
Issue date:             2003 January 09
Cross reference:
______________________________________________________________________________


1. Problem Description

   From the CVE database:

   Cross-site scripting vulnerability in the authentication page
   for webmin allows remote attackers to insert script into an
   error page and possibly steal cookies.

   Webmin with password timeouts enabled allows local (and possibly
   remote) attackers to bypass authentication and gain privileges
   via certain control characters in the authentication information,
   which can force webmin to accept arbitrary username/session ID
   combinations.


2. Vulnerable Supported Versions

   System                          Package
   ----------------------------------------------------------------------
   OpenLinux 3.1.1 Server          prior to webmin-0.89-11.i386.rpm
   OpenLinux 3.1.1 Workstation     prior to webmin-0.89-11.i386.rpm
   OpenLinux 3.1 Server            prior to webmin-0.89-11.i386.rpm
   OpenLinux 3.1 Workstation       prior to webmin-0.89-11.i386.rpm


3. Solution

   The proper solution is to install the latest packages. Many
   customers find it easier to use the Caldera System Updater, called
   cupdate (or kcupdate under the KDE environment), to update these
   packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

   4.1 Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-002.0/RPMS

   4.2 Packages

       3026e74f0dfaf25d908ccec688a314e2        webmin-0.89-11.i386.rpm

   4.3 Installation

       rpm -Fvh webmin-0.89-11.i386.rpm

   4.4 Source Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-002.0/SRPMS

   4.5 Source Packages

       8f747fcb86d3e0461e5a3b94e1146f0b        webmin-0.89-11.src.rpm


5. OpenLinux 3.1.1 Workstation

   5.1 Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-002.0/RPMS

   5.2 Packages

       7f8f3ce6e7924dc37dda93f055673133        webmin-0.89-11.i386.rpm

   5.3 Installation

       rpm -Fvh webmin-0.89-11.i386.rpm

   5.4 Source Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-002.0/SRPMS

   5.5 Source Packages

       19ae473fe6f97850aa82c433f4c1067b        webmin-0.89-11.src.rpm


6. OpenLinux 3.1 Server

   6.1 Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-002.0/RPMS

   6.2 Packages

       00d70a606a93cb9f2918f5fcfd2e5b06        webmin-0.89-11.i386.rpm

   6.3 Installation

       rpm -Fvh webmin-0.89-11.i386.rpm

   6.4 Source Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-002.0/SRPMS

   6.5 Source Packages

       77fac0e2fff9398a5f8c03d42fc069b8        webmin-0.89-11.src.rpm


7. OpenLinux 3.1 Workstation

   7.1 Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-002.0/RPMS

   7.2 Packages

       2cf9af671080810d2cb0c6e45a860755        webmin-0.89-11.i386.rpm

   7.3 Installation

       rpm -Fvh webmin-0.89-11.i386.rpm

   7.4 Source Package Location

       ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-002.0/SRPMS

   7.5 Source Packages

       1932376f68438264e54a1dee7bbd5dff        webmin-0.89-11.src.rpm


8. References

   Specific references for this advisory:

       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0756
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0757

   SCO security resources:

       http://www.sco.com/support/security/index.html

   This security fix closes SCO incidents sr863988, fz520909,
   erg501606.


9. Disclaimer

   SCO is not responsible for the misuse of any of the information
   we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended
   to promote secure installation and use of SCO products.


10. Acknowledgements

   Keigo Yamazaki (LAC Co.,Ltd) discovered and researched this
   vulnerability.

______________________________________________________________________________
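
Sections 4 to 7 list a different MD5 sum for the same binary file name, webmin-0.89-11.i386.rpm, on each product. The shell functions below are an added example, not part of the SCO advisory: they check a downloaded package against the sum listed for the matching product before printing the install command. The product keys (such as 3.1.1/Server) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): verify a downloaded webmin RPM
# against the MD5 sum CSSA-2003-002.0 lists for the matching product.
# The lookup is keyed on release/edition because the file name is shared.

# Checksums copied from sections 4.2, 5.2, 6.2 and 7.2 of the advisory.
# The "release/edition" key format is an assumption of this example.
ADVISORY_SUMS='3.1.1/Server 3026e74f0dfaf25d908ccec688a314e2
3.1.1/Workstation 7f8f3ce6e7924dc37dda93f055673133
3.1/Server 00d70a606a93cb9f2918f5fcfd2e5b06
3.1/Workstation 2cf9af671080810d2cb0c6e45a860755'

# expected_md5 PRODUCT -> prints the advisory checksum; non-zero if unknown.
expected_md5() {
    printf '%s\n' "$ADVISORY_SUMS" |
        awk -v p="$1" '$1 == p { print $2; found = 1 } END { exit !found }'
}

# md5_of FILE -> prints the lowercase hex MD5 of FILE.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    else
        openssl md5 -r "$1" | awk '{ print $1 }'
    fi
}

# verify_pkg FILE EXPECTED -> 0 on match, 1 on mismatch, 2 if unreadable.
verify_pkg() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    actual=$(md5_of "$1")
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "MD5 mismatch for $1: got $actual, advisory lists $2" >&2
    return 1
}

# check_update PRODUCT FILE -> verifies FILE, then prints the install
# command from the advisory. It does not run rpm itself.
check_update() {
    want=$(expected_md5 "$1") || { echo "unknown product $1" >&2; return 2; }
    verify_pkg "$2" "$want" || return $?
    echo "rpm -Fvh $2"
}
```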