FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-3912

This CVE name corresponds to:

Entered Topic
2006-02-15 perl, webmin, usermin -- perl format string integer wrap vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-3912 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-3912
Phase Assigned(20051130)

Description

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.

References

Source Reference
BUGTRAQ 20051129 Webmin miniserv.pl format string vulnerability
MLIST [Dailydave] 20051129 Webmin miniserv.pl format string vulnerability
MISC http://www.dyadsecurity.com/webmin-0001.html
CONFIRM http://www.webmin.com/security.html
CONFIRM http://www.webmin.com/changes-1.250.html
CONFIRM http://www.webmin.com/uchanges-1.180.html
DEBIAN DSA-1199
GENTOO GLSA-200512-02
MANDRIVA MDKSA-2005:223
SUSE SUSE-SR:2005:030
VUPEN ADV-2005-2660
SECUNIA 17749
SECUNIA 17817
SECUNIA 17878
SECUNIA 18101
SECUNIA 17942
SECUNIA 22556

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.