From snsadv@lac.co.jp Thu May 9 02:49:05 2002
From: "snsadv@lac.co.jp"
To: bugtraq@securityfocus.com
Date: Wed, 08 May 2002 14:20:26 +0900
Subject: [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability

----------------------------------------------------------------------
SNS Advisory No.52
Webmin/Usermin Cross-site Scripting Vulnerability

Problem first discovered: Thu, 2 May 2002
Published: Tue, 7 May 2002
----------------------------------------------------------------------

Overview:
---------
The authentication page of both Webmin and Usermin is prone to a
cross-site scripting vulnerability.

Problem:
--------
Webmin is a web-based system administration tool for Unix. Usermin is a
web interface that allows all users on a Unix system to easily receive
mail and to perform SSH and mail forwarding configuration.

A potential cross-site scripting vulnerability may occur because the CGI
script of the authentication page used by both Webmin and Usermin prints
the user's input on the error page.

Webmin and Usermin users' session ID cookies cannot be acquired, since
this problem only occurs when users are not logged into these software
packages. However, there is a possibility that the cookie of a Web
service may be stolen if it is running on the same host as
Webmin/Usermin.

Tested Versions:
----------------
Webmin Version: 0.960
Usermin Version: 0.90

Solution:
---------
This problem can be eliminated by upgrading to Webmin version 0.970
/Usermin version 0.910, which are available at the following URL:

http://www.webmin.com/

Discovered by:
--------------
Keigo Yamazaki

Disclaimer:
-----------
All information in these advisories is subject to change without any
advance notice or mutual consensus, and each of them is released as it
is. LAC Co., Ltd. is not responsible for any risks or occurrences caused
by applying this information.
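
The two points made in the Problem section, as an added example (not part of the advisory and not Webmin/Usermin code): an error page that prints user input as-is beside an HTML-encoded form, and a model of why a cookie set by another service on the same host name is readable by script in that page. The function names, host name, port and cookie values are constructed for illustration, and the cookie model ignores the Path and Domain attributes.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

PAGE = "<html><body><h1>Login failed</h1><p>Unknown user: {}</p></body></html>"

def login_error_unescaped(username):
    # The pattern the advisory describes: input printed as-is on the error page.
    return PAGE.format(username)

def login_error_escaped(username):
    # Hardened form: HTML-encode the value before it reaches the page.
    return PAGE.format(html.escape(username, quote=True))

def script_readable_cookies(set_cookie_headers, set_by_url, page_url):
    """Names of cookies set by set_by_url that script in page_url could read.

    Host-only cookies are matched on host name; the port is not part of
    the match (RFC 6265, section 8.5). HttpOnly cookies are hidden from
    script, so they are left out of the result.
    """
    if urlsplit(set_by_url).hostname != urlsplit(page_url).hostname:
        return []
    readable = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        readable += [name for name, m in jar.items() if not m["httponly"]]
    return readable

# Constructed sample input: a markup probe, an application on port 80 and
# an administration login page on another port of the same host.
PROBE = "<script>alert(1)</script>"
APP_URL = "http://host.example/app/"
ADMIN_URL = "https://host.example:10000/"

if __name__ == "__main__":
    print(login_error_unescaped(PROBE))
    print(login_error_escaped(PROBE))
    for header in ("SID=abc123; Path=/", "SID=abc123; Path=/; HttpOnly"):
        print(header, "->", script_readable_cookies([header], APP_URL, ADMIN_URL))
```

The second function shows the mitigation available to the neighbouring service itself: marking its session cookie HttpOnly keeps it out of reach of script even when a page on the same host name echoes input.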