Nessus Plugin #14526
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
[GLSA-200406-15] Usermin: Multiple vulnerabilities
- Family: Gentoo Local Security Checks
- Category: infos
- Copyright: (C) 2004 Michel Arboi
- Summary: Usermin: Multiple vulnerabilities
- Version: $Revision: 1.1 $
- Cve_id: -
- Bugtraq_id: -
- Xrefs: GLSA:200406-15
- Description:
The remote host is affected by the vulnerability described in GLSA-200406-15
(Usermin: Multiple vulnerabilities)
Usermin contains two security vulnerabilities. One fails to properly
sanitize email messages that contain malicious HTML or script code and the
other could allow an attacker to lock out a valid user by sending an
invalid username and password.
Impact
By sending a specially crafted e-mail, an attacker can execute arbitrary
scripts running in the context of the victim's browser. This can lead to
cookie theft and potentially to compromise of user accounts. Furthermore,
an attacker could lock out legitimate users by sending invalid login
information.
Workaround
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version.
References:
http://www.securityfocus.com/bid/10521
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html
Solution:
Usermin users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-admin/usermin-1.080"
# emerge ">=app-admin/usermin-1.080"
Risk Factor : Medium
Generated on 27.04.2005 at 18:49:54.