| Name | CVE-2005-3042 |
| Description | miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 329741, 329742 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| usermin | source | (unstable) | 1.160-1 | high | 329742 | |
| webmin | source | sarge | (not affected) | |||
| webmin | source | (unstable) | 1.230-1 | high | 329741 |
[sarge] - webmin <not-affected> (Vulnerable code not present, see #329741)
SNS Advisory 83, http://marc.info:80/?m=112733083203821