Mandriva Linux Security Update Advisory - Miniserv.pl in Webmin 1.220, when full PAM conversations is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
a2567dded228c5c8e1ec16208f680d5d1cc3614ecdb6712bdc01b2a5284525a6
Gentoo Linux Security Advisory GLSA 200509-17 - Keigo Yamazaki discovered that the miniserv.pl webserver, used in both Webmin and Usermin, does not properly validate authentication credentials before sending them to the PAM (Pluggable Authentication Modules) authentication process. The default configuration shipped with Gentoo does not enable the full PAM conversations option and is therefore unaffected by this flaw. Versions less than 1.230 are affected.
a2b323a8185b1247befd647c72d00f474b4dae1d7389cfb354d32de11d1f3ec6