Nessus Plugin #14526

Plugin Index

Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.

[GLSA-200406-15] Usermin: Multiple vulnerabilities

Family:
Gentoo Local Security Checks
Category:
infos
Copyright:
(C) 2004 Michel Arboi
Summary:
Usermin: Multiple vulnerabilities
Version:
$Revision: 1.1 $
Cve_id:
-
Bugtraq_id:
-
Xrefs:
GLSA:200406-15
Description:
The remote host is affected by the vulnerability described in GLSA-200406-15
(Usermin: Multiple vulnerabilities)


Usermin contains two security vulnerabilities. One fails to properly
sanitize email messages that contain malicious HTML or script code and the
other could allow an attacker to lock out a valid user by sending an
invalid username and password.

Impact

By sending a specially crafted e-mail, an attacker can execute arbitrary
scripts running in the context of the victim's browser. This can be lead to
cookie theft and potentially to compromise of user accounts. Furthermore,
an attacker could lock out legitimate users by sending invalid login
information.

Workaround

There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version.

References:
http://www.securityfocus.com/bid/10521
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html


Solution:
Usermin users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-admin/usermin-1.080"
# emerge ">=app-admin/usermin-1.080"


Risk Factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.