CVE-2005-3042

Published: Sep 22, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

Affected (2)

Products: Usermin: Usermin · Webmin: Webmin

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Usermin Usermin	Version 1.150
Webmin Webmin	Version 1.2.20

References (28)

http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html

Source: cve@mitre.org

PatchVendor Advisory

http://jvn.jp/jp/JVN%2340940493/index.html

Source: cve@mitre.org

http://secunia.com/advisories/16858

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/17282

Source: cve@mitre.org

http://securityreason.com/securityalert/17

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml

Source: cve@mitre.org

http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:176

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2005_24_sr.html

Source: cve@mitre.org

http://www.osvdb.org/19575

Source: cve@mitre.org

http://www.securityfocus.com/bid/14889

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2005/1791

Source: cve@mitre.org

http://www.webmin.com/changes-1.230.html

Source: cve@mitre.org

Patch

http://www.webmin.com/uchanges-1.160.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html