CVE-2003-0101
Published 2003-03-03
Priority P350 · critical · CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 15.47% (96.4th percentile)
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| engardelinux | guardian_digital_webtool | — | — |
| usermin | usermin | — | — |
| webmin | webmin | — | — |
Exploit-DB
Tcpdump - bgp_update_print Remote Denial of Service
exploitdb·2005-06-09
CVE-2005-1267
---
```c
/*
 * 2005-05-31: Modified by [email protected] to test tcpdump infinite
 * loop vulnerability.
 *
 * libnet 1.1
 * Build a BGP4 update message with what you want as payload
 *
 * Copyright (c) 2003 Frédéric Raynal
 * All rights reserved.
 *
 * Examples:
 *
 * empty BGP UPDATE message:
 *
 * # ./bgp4_update -s 1.1.1.1 -d 2.2.2.2
 * libnet 1.1 packet shaping: BGP4 update + payload[raw]
 * Wrote 63 byte TCP packet; check the wire.
 *
 * 13:44:29.216135 1.1.1.1.26214 > 2.2.2.2.179: S [tcp sum ok]
 * 16843009:16843032(23) win 32767: BGP (ttl 64, id 242, len 63)
 * 0x0000 4500 003f 00f2 0000 4006 73c2 0101 0101 E..?....@.s.....
 * 0x0010 0202 0202 6666 00b3 0101 0101 0202 0202 ....ff..........
 * 0x0020 5002 7fff b288 0000 0101 0101 0101 0101 P...............
```
Exploit-DB
Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing
exploitdb·2003-02-20
CVE-2003-0101
---
source: https://www.securityfocus.com/bid/6915/info
A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is possible to inject a Session ID into the access control list.
Successful exploitation of this vulnerability may allow an attacker to bypass typical authentication procedures, thus gaining administrative access to a webmin/usermin interface.
```perl
#!/usr/bin/perl
#
# Exploit for Webmin 1.050 -> 1.060 by Carl Livitt
#
# Inserts a fake session_id into the sessions list of webmin.
# Does no error checking... if remote host is not found, no
# error will be reported.
#
print "Webmin 1.050 - 1.060 Remo
```
- ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
- http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
- http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
- http://marc.info/?l=bugtraq&m=104610245624895&w=2
- http://marc.info/?l=bugtraq&m=104610300325629&w=2
- http://marc.info/?l=bugtraq&m=104610336226274&w=2
- http://marc.info/?l=webmin-announce&m=104587858408101&w=2
- http://secunia.com/advisories/8115
- http://secunia.com/advisories/8163
- http://www.ciac.org/ciac/bulletins/n-058.shtml
- http://www.debian.org/security/2003/dsa-319
- http://www.iss.net/security_center/static/11390.php
- http://www.lac.co.jp/security/english/snsadv_e/62_e.html
- http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
- http://www.securityfocus.com/bid/6915
- http://www.securitytracker.com/id?1006160