Critical

CVE-2003-0101 - Unspecified vulnerability in multiple products

Publication: 2003-03-03

Summary

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Usermin Usermin 0.4
  • Usermin Usermin 0.5
  • Usermin Usermin 0.6
  • Usermin Usermin 0.7
  • Usermin Usermin 0.8
  • Usermin Usermin 0.9
  • Usermin Usermin 0.91
  • Usermin Usermin 0.92
  • Usermin Usermin 0.93
  • Usermin Usermin 0.94
  • Usermin Usermin 0.95
  • Usermin Usermin 0.96
  • Usermin Usermin 0.97
  • Usermin Usermin 0.98
  • Usermin Usermin 0.99
  • Webmin Webmin 1.0.50
  • Webmin Webmin 1.0.60
  • Engardelinux Guardian Digital Webtool 1.2