[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DESA-2004-010: webmin-ldap-user-simple - Admin password leftover

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-009
http://www.skolelinux.no/security/                      Finn-Arne Johansen
July  9, 2004                 debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : webmin-ldap-user-simple
Vulnerability       : Admin password leftover
Problem-Type        : remote
Need reboot         : no
Debian-Edu-specific : yes
CVE ID              : 
DSA ID              : 

A vulnerability were discovered in webmin-ldap-user-simple:

A normal user could have read the admin password, if the browser had
been borrowed by the System admin to do some stuff in wlus.

We've preparred new packages for you were the admin password is never

New packages are availible from http://ftp.skolelinux.no/skolelinux/

We recommend that you upgrade your webmin-ldap-user-simple packages
to 1.3-13.

Upgrade Instructions
- --------------------

Make sure 'deb http://ftp.skolelinux.no/skolelinux woody local' is 
present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists.

  apt-get install webmin-ldap-user-simple

- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
              linuxiskolen@skolelinux.no, user@skolelinux.de
Package info: `apt-cache show <pkg>'

Finn-Arne Johansen 

Attachment: signature.asc
Description: Digital signature

Reply to: