Info
Last Modified: 6 months ago

Description
Webmin and Usermin both contain a flaw that may allow a malicious user to gain access. The issue is due to a lack of proper sanitization for input supplied to the miniserv.pl script. If an attacker has knowledge of a valid username, that person can spoof a session ID, which is then added to the access control list, giving the attacker full access to the system (and thus root privileges on the system running the vulnerable program).

Classification
Location: Remote/Network Access Required
Attack Type: Authentication Management, Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution
Upgrade to version 1.070 or higher for Webmin and 1.000 or higher for Usermin, as these versions are known to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products
Webmin: 0.x, 1.060, 1.050, 1.040, 1.030, 1.020, 1.000
Usermin: 0.x

Credit
- Keigo Yamazaki - Little eArth Corporation
- Cintia M. Imanishi - Little eArth Corporation