
[webmin] Updated (1.300 -> 1.410) : SECURITY - CRITICAL

CVE-2007-1276 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and
Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted
filename.

CVE-2007-3156 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and
Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid,
(2) message, or (3) question parameter. NOTE: some of these details are obtained from third
party information.

CVE-2007-5066 (High) :
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users
to execute arbitrary commands via a crafted URL.

CVE-2008-0720 (Medium) :
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320
allows remote attackers to inject arbitrary web script or HTML via the search parameter to
webmin_search.cgi (aka the search section), and possibly other components accessed through
a "search box" or "open file box." NOTE: some of these details are obtained from third party
information.
early
Aldas Nabazas 17 years ago
parent
commit
e67310a6d9
  1. 27
      network/webmin/nodefuser.patch
  2. 8
      network/webmin/webmin.desc

27
network/webmin/nodefuser.patch

@ -2,6 +2,7 @@
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../webmin/nodefuser.patch
# Copyright (C) 2008 The OpenSDE Project
# Copyright (C) 2004 - 2006 The T2 SDE Project
# Copyright (C) 1998 - 2003 Clifford Wolf
#
@ -15,9 +16,10 @@
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
--- ./setup.sh.orig 2005-01-24 19:15:16.000000000 -0300
+++ ./setup.sh 2005-02-12 11:19:41.308502117 -0300
@@ -438,7 +438,6 @@
diff -Nur webmin-1.410-orig/setup.sh webmin-1.410/setup.sh
--- webmin-1.410-orig/setup.sh 2008-04-20 14:07:39.000000000 +0000
+++ webmin-1.410/setup.sh 2008-04-20 14:13:43.000000000 +0000
@@ -456,7 +456,6 @@
echo "Webmin does not support being started at boot time on your system."
fi
fi
@ -25,7 +27,7 @@
# Copy files to target directory
echo "***********************************************************************"
@@ -455,8 +454,8 @@
@@ -473,8 +472,8 @@
echo "Creating web server config files.."
cfile=$config_dir/miniserv.conf
echo "port=$port" >> $cfile
@ -36,7 +38,7 @@
echo "addtype_cgi=internal/cgi" >> $cfile
echo "realm=Webmin Server" >> $cfile
echo "logfile=$var_dir/miniserv.log" >> $cfile
@@ -490,15 +489,7 @@
@@ -517,15 +516,7 @@
md5pass=`$perl -e 'print crypt("test", "\\$1\\$A9wB3O18\\$zaZgqrEmb9VNltWTL454R/") eq "\\$1\\$A9wB3O18\\$zaZgqrEmb9VNltWTL454R/" ? "1\n" : "0\n"'`
ufile=$config_dir/miniserv.users
@ -53,29 +55,29 @@
chmod 600 $ufile
echo "userfile=$ufile" >> $cfile
@@ -535,11 +526,7 @@
@@ -562,11 +553,7 @@
echo "Creating access control file.."
afile=$config_dir/webmin.acl
rm -f $afile
- if [ "$defaultmods" = "" ]; then
- echo "$login: $allmods" >> $afile
- echo $login: $defaultallmods >> $afile
- else
- echo "$login: $defaultmods" >> $afile
- echo $login: $defaultmods >> $afile
- fi
+ touch $afile
chmod 600 $afile
echo "..done"
echo ""
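Review bot: The `touch $afile` replacement in the access-control hunk writes no entry for `$login` into webmin.acl, and neither the patch's header comment nor the commit message says how the first account is expected to get its module list after setup.sh has run; a short comment at the top of nodefuser.patch stating the intent would make this reviewable. Separately, the file exists with the umask's default mode between `touch $afile` and `chmod 600 $afile`; setting `umask 077` before the touch would close that window, and `$afile` should be quoted in both commands in case `$config_dir` contains whitespace.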
@@ -560,7 +547,7 @@
@@ -587,7 +574,7 @@
echo "Creating start and stop scripts.."
rm -f $config_dir/stop $config_dir/start $config_dir/restart
rm -f $config_dir/stop $config_dir/start $config_dir/restart $config_dir/reload
echo "#!/bin/sh" >>$config_dir/start
-echo "echo Starting Webmin server in $wadir" >>$config_dir/start
+echo "echo Starting Webmin server in $prefix" >>$config_dir/start
echo "trap '' 1" >>$config_dir/start
echo "LANG=" >>$config_dir/start
echo "export LANG" >>$config_dir/start
@@ -571,13 +558,13 @@
@@ -598,13 +585,13 @@
echo "export PERLLIB" >>$config_dir/start
uname -a | grep -i 'HP/*UX' >/dev/null
if [ $? = "0" ]; then
@ -90,5 +92,4 @@
-echo "echo Stopping Webmin server in $wadir" >>$config_dir/stop
+echo "echo Stopping Webmin server in $prefix" >>$config_dir/stop
echo "pidfile=\`grep \"^pidfile=\" $config_dir/miniserv.conf | sed -e 's/pidfile=//g'\`" >>$config_dir/stop
echo "kill \`cat \$pidfile\`" >>$config_dir/stop
echo "kill \`cat \$pidfile\`" >>$config_dir/stop

8
network/webmin/webmin.desc

@ -1,9 +1,8 @@
[COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../webmin/webmin.desc
[COPY] Copyright (C) 2006 The OpenSDE Project
[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2003 Clifford Wolf
[COPY]
@ -35,8 +34,7 @@
[L] BSD
[S] Stable
[V] 1.300
[V] 1.410
[P] X -----5---9 163.300
[D] 192740486 webmin-1.300.tar.gz http://dl.sourceforge.net/sourceforge/webadmin/
[D] 2161036824 webmin-1.410.tar.gz http://dl.sourceforge.net/sourceforge/webadmin/
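Review bot: The new `[D]` line fetches webmin-1.410.tar.gz over plain `http://`, and the only integrity value beside it is the 10-digit number `2161036824`, which is too short to be a cryptographic digest. For an update tagged SECURITY - CRITICAL, the tarball should be checked against a SHA-256 digest or an upstream signature before this is merged, assuming the `[D]` field or the download tooling can carry one; otherwise record the digest that was verified in the commit message.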
