| Vulnerability Name: | CVE-2005-3912 (CCN-23277) | ||||||||
| Assigned: | 2005-11-29 | ||||||||
| Published: | 2005-11-29 | ||||||||
| Updated: | 2019-04-03 | ||||||||
| Summary: | Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. Note: the code execution might be associated with an issue in Perl. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Fri Dec 02 2005 - 02:56:14 CST Format String Vulnerabilities in Perl Programs Source: CCN Type: Full-Disclosure Mailing List, Tue Nov 29 2005 - 04:07:10 CST Webmin miniserv.pl format string vulnerability Source: MITRE Type: CNA CVE-2005-3912 Source: MLIST Type: Patch, Third Party Advisory [Dailydave] 20051129 Webmin miniserv.pl format string vulnerability Source: CCN Type: SA17749 Webmin "miniserv.pl" Perl Format String Vulnerability Source: SECUNIA Type: Patch, Third Party Advisory 17749 Source: CCN Type: SA17817 Usermin "miniserv.pl" Perl Format String Vulnerability Source: SECUNIA Type: Third Party Advisory 17817 Source: SECUNIA Type: Third Party Advisory 17878 Source: SECUNIA Type: Third Party Advisory 17942 Source: SECUNIA Type: Third Party Advisory 18101 Source: SECUNIA Type: Third Party Advisory 22556 Source: DEBIAN Type: Third Party Advisory DSA-1199 Source: DEBIAN Type: DSA-1199 webmin -- multiple vulnerabilities Source: MISC Type: Patch, Third Party Advisory http://www.dyadsecurity.com/webmin-0001.html Source: CCN Type: GLSA-200512-02 Webmin, Usermin: Format string vulnerability Source: GENTOO Type: Third Party Advisory GLSA-200512-02 Source: MANDRIVA Type: Third Party Advisory MDKSA-2005:223 Source: SUSE Type: Third Party Advisory SUSE-SR:2005:030 Source: CCN Type: OSVDB ID: 21222 Webmin/Usermin miniserv.pl Format String Remote Code Execution Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20051129 Webmin miniserv.pl format string vulnerability Source: CCN Type: BID-15629 Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability Source: VUPEN Type: Third Party Advisory ADV-2005-2660 Source: CONFIRM Type: Vendor Advisory http://www.webmin.com/changes-1.250.html Source: CONFIRM Type: Vendor Advisory http://www.webmin.com/security.html Source: CONFIRM Type: Vendor Advisory http://www.webmin.com/uchanges-1.180.html Source: CCN Type: Webmin Web site Webmin Source: XF Type: UNKNOWN webmin-miniserv-username-format-string(23277) Source: CCN Type: IBM Internet Security Systems X-Force Database Perl perl_sv_vcatpvfn() format string integer overflow Source: SUSE Type: SUSE-SR:2005:030 SUSE Security Summary Report | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||