Cisco Catalyst启用密码绕过漏洞

漏洞信息详情

Cisco Catalyst启用密码绕过漏洞

• CNNVD编号：CNNVD-200412-1201
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-1468
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  usermin
• 漏洞来源：
  This vulnerability…

Usermin 1.x 和 Webmin 1.x版本中的网络邮件功能存在漏洞。远程攻击者可以通过电子邮件中的shell元字符来执行任意命令。

The following information has been copied from the Cisco security advisory on this topic, the advisory itself is attached in the ‘Credit’ section of this vulnerability entry:
Cisco is offering free software upgrades to remedy this vulnerability for all affected customers.
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained via the Software Center on Cisco’s Worldwide Web site at:
http://www.cisco.com.
Customers without contracts should get their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows:
* +1 800 553 2447 (toll-free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Please do not contact either “psirt@cisco.com” or “security-alert@cisco.com” for software upgrades.

来源: BID
名称: 1122
链接:http://www.securityfocus.com/bid/11122

来源: GENTOO
名称: GLSA-200409-15
链接:http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml

来源: SECUNIA
名称: 12488
链接:http://secunia.com/advisories/12488/

来源: XF
名称: usermin-web-mail-command-execution(17293)
链接:http://xforce.iss.net/xforce/xfdb/17293

来源: www.lac.co.jp
链接:http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html