Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Debian GNU/Linux Advisory: webmin

Sep 14, 2004, 20:29 (0 Talkback[s])

Debian Security Advisory DSA 544-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 14th, 2004 http://www.debian.org/security/faq


Package : webmin
Vulnerability : insecure temporary directory
Problem-Type : root
Debian-specific: no
CVE ID : CAN-2004-0559

Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside.

For the stable distribution (woody) this problem has been fixed in version 0.94-7woody3.

For the unstable distribution (sid) this problem has been fixed in version 1.160-1 of webmin and 1.090-1 of usermin.

We recommend that you upgrade your webmin packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody3.dsc
Size/MD5 checksum: 1126 fc3cda806f5d94666cdc2cdac03e2c75
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody3.diff.gz
Size/MD5 checksum: 63028 64e3c4f454a1d576a4c52df29554309b
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94.orig.tar.gz
Size/MD5 checksum: 4831737 114c7ca2557c17faebb627a3de7acb97

Architecture independent components:

http://security.debian.org/pool/updates/main/w/webmin/webmin-apache_0.94-7woody3_all.deb
Size/MD5 checksum: 223812 12f056498c3ace868c1964ef2d9594b1
http://security.debian.org/pool/updates/main/w/webmin/webmin-bind8_0.94-7woody3_all.deb
Size/MD5 checksum: 182144 29ff6c45d83b13a482ef93d2ae8c7e3f
http://security.debian.org/pool/updates/main/w/webmin/webmin-burner_0.94-7woody3_all.deb
Size/MD5 checksum: 32688 4482f474e97ca209348a86e51c02a92b
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-software_0.94-7woody3_all.deb
Size/MD5 checksum: 27688 6375d52cdd6f79d7f2e1b2e2d5d9bd6c
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-useradmin_0.94-7woody3_all.deb
Size/MD5 checksum: 30790 157df9a37fa88cb7f4de6421c43d1f16
http://security.debian.org/pool/updates/main/w/webmin/webmin-core_0.94-7woody3_all.deb
Size/MD5 checksum: 1250120 f5fd9854a550095c27ab1c88254804e4
http://security.debian.org/pool/updates/main/w/webmin/webmin-cpan_0.94-7woody3_all.deb
Size/MD5 checksum: 26596 a4bc52ed84091eb648c399547b181ad3
http://security.debian.org/pool/updates/main/w/webmin/webmin-dhcpd_0.94-7woody3_all.deb
Size/MD5 checksum: 96632 36f8e9ed58c3f3f67146c0f3e5074d29
http://security.debian.org/pool/updates/main/w/webmin/webmin-exports_0.94-7woody3_all.deb
Size/MD5 checksum: 54808 9e9119bc090c28d5119daec9bf654f62
http://security.debian.org/pool/updates/main/w/webmin/webmin-fetchmail_0.94-7woody3_all.deb
Size/MD5 checksum: 27354 294e18b992f187865f85b2fc0d0abf80
http://security.debian.org/pool/updates/main/w/webmin/webmin-heartbeat_0.94-7woody3_all.deb
Size/MD5 checksum: 21776 f58063b055e6e0b429f15f1c9c578d2f
http://security.debian.org/pool/updates/main/w/webmin/webmin-inetd_0.94-7woody3_all.deb
Size/MD5 checksum: 48056 1db1b493a9088de2134891d5f0a9d23c
http://security.debian.org/pool/updates/main/w/webmin/webmin-jabber_0.94-7woody3_all.deb
Size/MD5 checksum: 31468 65d7199bd25d1f62ff376c0ad7e78a97
http://security.debian.org/pool/updates/main/w/webmin/webmin-lpadmin_0.94-7woody3_all.deb
Size/MD5 checksum: 103788 1920d9302034a175a6d3b00ca6f5dcf6
http://security.debian.org/pool/updates/main/w/webmin/webmin-mon_0.94-7woody3_all.deb
Size/MD5 checksum: 62498 ee4befa8d564ddb45b38643a62c61cfb
http://security.debian.org/pool/updates/main/w/webmin/webmin-mysql_0.94-7woody3_all.deb
Size/MD5 checksum: 119200 60eefbffc7c1a8a30807623b2fb078e4
http://security.debian.org/pool/updates/main/w/webmin/webmin-nis_0.94-7woody3_all.deb
Size/MD5 checksum: 62634 16ebd24ca1d45a7f3e76361fa5bda345
http://security.debian.org/pool/updates/main/w/webmin/webmin-postfix_0.94-7woody3_all.deb
Size/MD5 checksum: 196726 4d671bfbd3e1e2c8d6b3f9c8ecf93e3a
http://security.debian.org/pool/updates/main/w/webmin/webmin-postgresql_0.94-7woody3_all.deb
Size/MD5 checksum: 77564 f0b30ff5b2e01e9aa1e358f2a517e92a
http://security.debian.org/pool/updates/main/w/webmin/webmin-ppp_0.94-7woody3_all.deb
Size/MD5 checksum: 20840 8a7057272358f236075ae24aae4dfd9c
http://security.debian.org/pool/updates/main/w/webmin/webmin-qmailadmin_0.94-7woody3_all.deb
Size/MD5 checksum: 38028 4a8ef1a18d7d526f061e2924b83e238d
http://security.debian.org/pool/updates/main/w/webmin/webmin-quota_0.94-7woody3_all.deb
Size/MD5 checksum: 87994 bc7ec88cc7cf4556f8554d26b44063d3
http://security.debian.org/pool/updates/main/w/webmin/webmin-raid_0.94-7woody3_all.deb
Size/MD5 checksum: 35802 ec1761610e6a141705505abc407b5690
http://security.debian.org/pool/updates/main/w/webmin/webmin-samba_0.94-7woody3_all.deb
Size/MD5 checksum: 134254 bc70638898d2201d974cbeede4488a02
http://security.debian.org/pool/updates/main/w/webmin/webmin-sendmail_0.94-7woody3_all.deb
Size/MD5 checksum: 235266 362bdada21f7c9d6868b4b103593cb86
http://security.debian.org/pool/updates/main/w/webmin/webmin-software_0.94-7woody3_all.deb
Size/MD5 checksum: 89332 500a31253b2c7aa207dda9a301b8c325
http://security.debian.org/pool/updates/main/w/webmin/webmin-squid_0.94-7woody3_all.deb
Size/MD5 checksum: 222044 e6a595f8db937ded962582354a6a19f2
http://security.debian.org/pool/updates/main/w/webmin/webmin-sshd_0.94-7woody3_all.deb
Size/MD5 checksum: 44286 2b20ed27175c52318c937c3e14b7b0e0
http://security.debian.org/pool/updates/main/w/webmin/webmin-ssl_0.94-7woody3_all.deb
Size/MD5 checksum: 8524 3c50958c006ef46ccd1d6791dd6907d6
http://security.debian.org/pool/updates/main/w/webmin/webmin-status_0.94-7woody3_all.deb
Size/MD5 checksum: 42984 cc008a5c0670c1e2ccb3b63f841ebef6
http://security.debian.org/pool/updates/main/w/webmin/webmin-stunnel_0.94-7woody3_all.deb
Size/MD5 checksum: 26804 746be5ce521801c283f2e926621942aa
http://security.debian.org/pool/updates/main/w/webmin/webmin-wuftpd_0.94-7woody3_all.deb
Size/MD5 checksum: 111026 7e02060c23b92d5edc175b6cfa7b2f1b
http://security.debian.org/pool/updates/main/w/webmin/webmin-xinetd_0.94-7woody3_all.deb
Size/MD5 checksum: 31964 1e35a18332a9f6e753daee5e0157e362
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody3_all.deb
Size/MD5 checksum: 509128 c24ae0eb379dcdfecb2b4ac2de7351fa

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/w/webmin/webmin-grub_0.94-7woody3_i386.deb
Size/MD5 checksum: 29546 8fb9582004e9cdaa63fc97f0325ef2a8

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>