1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198
|
# This script was automatically generated from the dsa-526
# Debian Security Advisory
# It is released under the Nessus Script Licence.
# Advisory is copyright 1997-2004 Software in the Public Interest, Inc.
# See http://www.debian.org/license
# DSA2nasl Convertor is copyright 2004 Michel Arboi
if (! defined_func('bn_random')) exit(0);
desc = '
Two vulnerabilities were discovered in webmin:
CVE-2004-0582: Unknown vulnerability in Webmin 1.140 allows remote
attackers to bypass access control rules and gain read access to
configuration information for a module.
CVE-2004-0583: The account lockout functionality in (1) Webmin 1.140
and (2) Usermin 1.070 does not parse certain character strings, which
allows remote attackers to conduct a brute force attack to guess user
IDs and passwords.
For the current stable distribution (woody), these problems have been
fixed in version 0.94-7woody2.
For the unstable distribution (sid), these problems have been fixed in
version 1.150-1.
We recommend that you update your webmin package.
Solution : http://www.debian.org/security/2004/dsa-526
Risk factor : High';
if (description) {
script_id(15363);
script_version("$Revision: 1.7 $");
script_xref(name: "DSA", value: "526");
script_cve_id("CVE-2004-0582", "CVE-2004-0583");
script_bugtraq_id(10474);
script_description(english: desc);
script_copyright(english: "This script is (C) 2005 Michel Arboi <mikhail@nessus.org>");
script_name(english: "[DSA526] DSA-526-1 webmin");
script_category(ACT_GATHER_INFO);
script_family(english: "Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/Debian/dpkg-l");
script_summary(english: "DSA-526-1 webmin");
exit(0);
}
include("debian_package.inc");
w = 0;
if (deb_check(prefix: 'webmin', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin is vulnerable in Debian 3.0.\nUpgrade to webmin_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-apache', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-apache is vulnerable in Debian 3.0.\nUpgrade to webmin-apache_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-bind8', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-bind8 is vulnerable in Debian 3.0.\nUpgrade to webmin-bind8_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-burner', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-burner is vulnerable in Debian 3.0.\nUpgrade to webmin-burner_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-cluster-software', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-cluster-software is vulnerable in Debian 3.0.\nUpgrade to webmin-cluster-software_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-cluster-useradmin', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-cluster-useradmin is vulnerable in Debian 3.0.\nUpgrade to webmin-cluster-useradmin_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-core', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-core is vulnerable in Debian 3.0.\nUpgrade to webmin-core_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-cpan', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-cpan is vulnerable in Debian 3.0.\nUpgrade to webmin-cpan_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-dhcpd', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-dhcpd is vulnerable in Debian 3.0.\nUpgrade to webmin-dhcpd_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-exports', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-exports is vulnerable in Debian 3.0.\nUpgrade to webmin-exports_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-fetchmail', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-fetchmail is vulnerable in Debian 3.0.\nUpgrade to webmin-fetchmail_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-grub', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-grub is vulnerable in Debian 3.0.\nUpgrade to webmin-grub_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-heartbeat', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-heartbeat is vulnerable in Debian 3.0.\nUpgrade to webmin-heartbeat_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-inetd', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-inetd is vulnerable in Debian 3.0.\nUpgrade to webmin-inetd_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-jabber', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-jabber is vulnerable in Debian 3.0.\nUpgrade to webmin-jabber_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-lpadmin', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-lpadmin is vulnerable in Debian 3.0.\nUpgrade to webmin-lpadmin_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-mon', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-mon is vulnerable in Debian 3.0.\nUpgrade to webmin-mon_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-mysql', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-mysql is vulnerable in Debian 3.0.\nUpgrade to webmin-mysql_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-nis', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-nis is vulnerable in Debian 3.0.\nUpgrade to webmin-nis_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-postfix', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-postfix is vulnerable in Debian 3.0.\nUpgrade to webmin-postfix_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-postgresql', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-postgresql is vulnerable in Debian 3.0.\nUpgrade to webmin-postgresql_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-ppp', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-ppp is vulnerable in Debian 3.0.\nUpgrade to webmin-ppp_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-qmailadmin', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-qmailadmin is vulnerable in Debian 3.0.\nUpgrade to webmin-qmailadmin_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-quota', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-quota is vulnerable in Debian 3.0.\nUpgrade to webmin-quota_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-raid', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-raid is vulnerable in Debian 3.0.\nUpgrade to webmin-raid_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-samba', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-samba is vulnerable in Debian 3.0.\nUpgrade to webmin-samba_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-sendmail', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-sendmail is vulnerable in Debian 3.0.\nUpgrade to webmin-sendmail_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-software', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-software is vulnerable in Debian 3.0.\nUpgrade to webmin-software_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-squid', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-squid is vulnerable in Debian 3.0.\nUpgrade to webmin-squid_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-sshd', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-sshd is vulnerable in Debian 3.0.\nUpgrade to webmin-sshd_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-ssl', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-ssl is vulnerable in Debian 3.0.\nUpgrade to webmin-ssl_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-status', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-status is vulnerable in Debian 3.0.\nUpgrade to webmin-status_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-stunnel', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-stunnel is vulnerable in Debian 3.0.\nUpgrade to webmin-stunnel_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-wuftpd', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-wuftpd is vulnerable in Debian 3.0.\nUpgrade to webmin-wuftpd_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin-xinetd', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin-xinetd is vulnerable in Debian 3.0.\nUpgrade to webmin-xinetd_0.94-7woody2\n');
}
if (deb_check(prefix: 'webmin', release: '3.1', reference: '1.150-1')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin is vulnerable in Debian 3.1.\nUpgrade to webmin_1.150-1\n');
}
if (deb_check(prefix: 'webmin', release: '3.0', reference: '0.94-7woody2')) {
w ++;
if (report_verbosity > 0) desc = strcat(desc, '\nThe package webmin is vulnerable in Debian woody.\nUpgrade to webmin_0.94-7woody2\n');
}
if (w) { security_hole(port: 0, data: desc); }
|