CVE-2005-3042

NameCVE-2005-3042
Descriptionminiserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs329741, 329742

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
userminsource(unstable)1.160-1high329742
webminsourcesarge(not affected)
webminsource(unstable)1.230-1high329741

Notes

[sarge] - webmin <not-affected> (Vulnerable code not present, see #329741)
SNS Advisory 83, http://marc.info:80/?m=112733083203821
Search for package or bug name: Reporting problems