exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

dsa-544.txt

dsa-544.txt
Posted Sep 15, 2004
Authored by Debian | Site debian.org

Debian Security Advisory DSA 544-1 - Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside.

tags | advisory, web
systems | linux, debian
advisories | CVE-2004-0559
SHA-256 | 32d5e9937c86c2a5376b2972a716596d1a060f62e55dd6228a751e0b859d7587

dsa-544.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 544-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 14th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : webmin
Vulnerability : insecure temporary directory
Problem-Type : root
Debian-specific: no
CVE ID : CAN-2004-0559

Ludwig Nussel discovered a problem in webmin, a web-based
administration toolkit. A temporary directory was used but without
checking for the previous owner. This could allow an attacker to
create the directory and place dangerous symbolic links inside.

For the stable distribution (woody) this problem has been fixed in
version 0.94-7woody3.

For the unstable distribution (sid) this problem has been fixed in
version 1.160-1 of webmin and 1.090-1 of usermin.

We recommend that you upgrade your webmin packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody3.dsc
Size/MD5 checksum: 1126 fc3cda806f5d94666cdc2cdac03e2c75
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody3.diff.gz
Size/MD5 checksum: 63028 64e3c4f454a1d576a4c52df29554309b
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94.orig.tar.gz
Size/MD5 checksum: 4831737 114c7ca2557c17faebb627a3de7acb97

Architecture independent components:

http://security.debian.org/pool/updates/main/w/webmin/webmin-apache_0.94-7woody3_all.deb
Size/MD5 checksum: 223812 12f056498c3ace868c1964ef2d9594b1
http://security.debian.org/pool/updates/main/w/webmin/webmin-bind8_0.94-7woody3_all.deb
Size/MD5 checksum: 182144 29ff6c45d83b13a482ef93d2ae8c7e3f
http://security.debian.org/pool/updates/main/w/webmin/webmin-burner_0.94-7woody3_all.deb
Size/MD5 checksum: 32688 4482f474e97ca209348a86e51c02a92b
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-software_0.94-7woody3_all.deb
Size/MD5 checksum: 27688 6375d52cdd6f79d7f2e1b2e2d5d9bd6c
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-useradmin_0.94-7woody3_all.deb
Size/MD5 checksum: 30790 157df9a37fa88cb7f4de6421c43d1f16
http://security.debian.org/pool/updates/main/w/webmin/webmin-core_0.94-7woody3_all.deb
Size/MD5 checksum: 1250120 f5fd9854a550095c27ab1c88254804e4
http://security.debian.org/pool/updates/main/w/webmin/webmin-cpan_0.94-7woody3_all.deb
Size/MD5 checksum: 26596 a4bc52ed84091eb648c399547b181ad3
http://security.debian.org/pool/updates/main/w/webmin/webmin-dhcpd_0.94-7woody3_all.deb
Size/MD5 checksum: 96632 36f8e9ed58c3f3f67146c0f3e5074d29
http://security.debian.org/pool/updates/main/w/webmin/webmin-exports_0.94-7woody3_all.deb
Size/MD5 checksum: 54808 9e9119bc090c28d5119daec9bf654f62
http://security.debian.org/pool/updates/main/w/webmin/webmin-fetchmail_0.94-7woody3_all.deb
Size/MD5 checksum: 27354 294e18b992f187865f85b2fc0d0abf80
http://security.debian.org/pool/updates/main/w/webmin/webmin-heartbeat_0.94-7woody3_all.deb
Size/MD5 checksum: 21776 f58063b055e6e0b429f15f1c9c578d2f
http://security.debian.org/pool/updates/main/w/webmin/webmin-inetd_0.94-7woody3_all.deb
Size/MD5 checksum: 48056 1db1b493a9088de2134891d5f0a9d23c
http://security.debian.org/pool/updates/main/w/webmin/webmin-jabber_0.94-7woody3_all.deb
Size/MD5 checksum: 31468 65d7199bd25d1f62ff376c0ad7e78a97
http://security.debian.org/pool/updates/main/w/webmin/webmin-lpadmin_0.94-7woody3_all.deb
Size/MD5 checksum: 103788 1920d9302034a175a6d3b00ca6f5dcf6
http://security.debian.org/pool/updates/main/w/webmin/webmin-mon_0.94-7woody3_all.deb
Size/MD5 checksum: 62498 ee4befa8d564ddb45b38643a62c61cfb
http://security.debian.org/pool/updates/main/w/webmin/webmin-mysql_0.94-7woody3_all.deb
Size/MD5 checksum: 119200 60eefbffc7c1a8a30807623b2fb078e4
http://security.debian.org/pool/updates/main/w/webmin/webmin-nis_0.94-7woody3_all.deb
Size/MD5 checksum: 62634 16ebd24ca1d45a7f3e76361fa5bda345
http://security.debian.org/pool/updates/main/w/webmin/webmin-postfix_0.94-7woody3_all.deb
Size/MD5 checksum: 196726 4d671bfbd3e1e2c8d6b3f9c8ecf93e3a
http://security.debian.org/pool/updates/main/w/webmin/webmin-postgresql_0.94-7woody3_all.deb
Size/MD5 checksum: 77564 f0b30ff5b2e01e9aa1e358f2a517e92a
http://security.debian.org/pool/updates/main/w/webmin/webmin-ppp_0.94-7woody3_all.deb
Size/MD5 checksum: 20840 8a7057272358f236075ae24aae4dfd9c
http://security.debian.org/pool/updates/main/w/webmin/webmin-qmailadmin_0.94-7woody3_all.deb
Size/MD5 checksum: 38028 4a8ef1a18d7d526f061e2924b83e238d
http://security.debian.org/pool/updates/main/w/webmin/webmin-quota_0.94-7woody3_all.deb
Size/MD5 checksum: 87994 bc7ec88cc7cf4556f8554d26b44063d3
http://security.debian.org/pool/updates/main/w/webmin/webmin-raid_0.94-7woody3_all.deb
Size/MD5 checksum: 35802 ec1761610e6a141705505abc407b5690
http://security.debian.org/pool/updates/main/w/webmin/webmin-samba_0.94-7woody3_all.deb
Size/MD5 checksum: 134254 bc70638898d2201d974cbeede4488a02
http://security.debian.org/pool/updates/main/w/webmin/webmin-sendmail_0.94-7woody3_all.deb
Size/MD5 checksum: 235266 362bdada21f7c9d6868b4b103593cb86
http://security.debian.org/pool/updates/main/w/webmin/webmin-software_0.94-7woody3_all.deb
Size/MD5 checksum: 89332 500a31253b2c7aa207dda9a301b8c325
http://security.debian.org/pool/updates/main/w/webmin/webmin-squid_0.94-7woody3_all.deb
Size/MD5 checksum: 222044 e6a595f8db937ded962582354a6a19f2
http://security.debian.org/pool/updates/main/w/webmin/webmin-sshd_0.94-7woody3_all.deb
Size/MD5 checksum: 44286 2b20ed27175c52318c937c3e14b7b0e0
http://security.debian.org/pool/updates/main/w/webmin/webmin-ssl_0.94-7woody3_all.deb
Size/MD5 checksum: 8524 3c50958c006ef46ccd1d6791dd6907d6
http://security.debian.org/pool/updates/main/w/webmin/webmin-status_0.94-7woody3_all.deb
Size/MD5 checksum: 42984 cc008a5c0670c1e2ccb3b63f841ebef6
http://security.debian.org/pool/updates/main/w/webmin/webmin-stunnel_0.94-7woody3_all.deb
Size/MD5 checksum: 26804 746be5ce521801c283f2e926621942aa
http://security.debian.org/pool/updates/main/w/webmin/webmin-wuftpd_0.94-7woody3_all.deb
Size/MD5 checksum: 111026 7e02060c23b92d5edc175b6cfa7b2f1b
http://security.debian.org/pool/updates/main/w/webmin/webmin-xinetd_0.94-7woody3_all.deb
Size/MD5 checksum: 31964 1e35a18332a9f6e753daee5e0157e362
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody3_all.deb
Size/MD5 checksum: 509128 c24ae0eb379dcdfecb2b4ac2de7351fa

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/w/webmin/webmin-grub_0.94-7woody3_i386.deb
Size/MD5 checksum: 29546 8fb9582004e9cdaa63fc97f0325ef2a8


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBRwcDW5ql+IAeqTIRAlgVAJ9egZEMvpURgeQWqW+yPXoLzFxWlgCgpKkd
Fn/qX1Q8x9dWQbJc+4isDU4=
=i4kA
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close