Webmin And Usermin Account Lockout Bypass Vulnerability

Webmin And Usermin Account Lockout Bypass Vulnerability

Solution:
The vendor has released upgrades dealing with this issue.

Debian GNU/Linux has released advisory DSA 526-1 addressing this issue. Please see the referenced advisory for further information.

Mandrake Linux has released advisory MDKSA-2004:074 addressing this issue. Please see the referenced advisory for further information.

Turbolinux has released advisory 20050207 [TURBOLINUX SECURITY INFO] 07/Feb/2005 to address various issues. Please see the referenced advisory for more information.

Webmin Webmin 1.0 70

Mandrake webmin-1.070-1.1.91mdk.noarch.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake webmin-1.070-1.1.91mdk.noarch.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

Webmin webmin-1.150.tar.gz
http://prdownloads.sourceforge.net/webadmin/webmin-1.150.tar.gz

Usermin Usermin 1.0 70

Usermin usermin-1.080.tar.gz
http://www.webmin.com/udownload.html

Webmin Webmin 1.140

Webmin webmin-1.150.tar.gz
http://prdownloads.sourceforge.net/webadmin/webmin-1.150.tar.gz