VuXML ID | Description |
ec89dc70-2515-11e2-8eda-000a5e1e33c6 | webmin -- potential XSS attack via real name field
The webmin updates site reports
Module: Change Passwords; Version: 1.600; Problem: Fix for potential XSS attack
via real name field; Solution: New module.
Discovery 2012-11-02 Entry 2012-11-02 webmin
< 1.600_1
http://www.webmin.com/updates.html
|
ece65d3b-c20c-11e9-8af4-bcaec55be5e5 | webmin -- unauthenticated remote code execution
Joe Cooper reports:
I've rolled out Webmin version 1.930 and Usermin version 1.780
for all repositories. This release includes several security
fixes, including one potentially serious one caused by malicious
code inserted into Webmin and Usermin at some point on our build
infrastructure. We're still investigating how and when, but the
exploitable code has never existed in our github repositories, so
we've rebuilt from git source on new infrastructure (and checked
to be sure the result does not contain the malicious code).
I don't have a changelog for these releases yet, but I wanted
to announce them immediately due to the severity of this issue.
To exploit the malicious code, your Webmin installation must have
Webmin -> Webmin Configuration -> Authentication -> Password
expiry policy set to Prompt users with expired passwords to enter
a new one. This option is not set by default, but if it is set,
it allows remote code execution.
This release addresses CVE-2019-15107, which was disclosed
earlier today. It also addresses a handful of XSS issues that we
were notified about, and a bounty was awarded to the researcher
(a different one) who found them.
Discovery 2019-08-17 Entry 2019-08-17 webmin
< 1.930
usermin
< 1.780
https://virtualmin.com/node/66890
CVE-2019-15107
|
227475c2-09cb-11db-9156-000e0c2e438a | webmin, usermin -- arbitrary file disclosure vulnerability
The webmin development team reports:
An attacker without a login to Webmin can read the
contents of any file on the server using a specially
crafted URL. All users should upgrade to version
1.290 as soon as possible, or setup IP access control
in Webmin.
Discovery 2006-06-30 Entry 2006-07-02 webmin
< 1.290
usermin
< 1.220
18744
http://www.webmin.com/security.html
|
bb33981a-7ac6-11da-bf72-00123f589060 | perl, webmin, usermin -- perl format string integer wrap vulnerability
The Perl Development page reports:
Dyad Security recently released a security advisory explaining how
in certain cases, a carefully crafted format string passed to
sprintf can cause a buffer overflow. This buffer overflow can then
be used by an attacker to execute code on the machine. This was
discovered in the context of a design problem with the Webmin
administration package that allowed a malicious user to pass
unchecked data into sprintf.
Discovery 2005-09-23 Entry 2006-02-15 perl
ge 5.6.0 lt 5.6.2
ge 5.8.0 lt 5.8.7_1
webmin
< 1.250
usermin
< 1.180
15629
CVE-2005-3912
CVE-2005-3962
http://dev.perl.org/perl5/news/2005/perl_patches_fix_sprintf_buffer.html
http://www.dyadsecurity.com/perl-0002.html
http://www.dyadsecurity.com/webmin-0001.html
http://www.webmin.com/security.html
|
ae7b7f65-05c7-11d9-b45d-000c41e2cdad | webmin -- insecure temporary file creation at installation time
The Webmin developers documented a security issue in the
release notes for version 1.160:
Fixed a security hole in the maketemp.pl script, used
to create the /tmp/.webmin directory at install time. If
an un-trusted user creates this directory before Webmin
is installed, he could create in it a symbolic link
pointing to a critical file on the system, which would be
overwritten when Webmin writes to the link filename.
Discovery 2004-09-05 Entry 2004-09-14 Modified 2004-09-15 webmin
< 1.150_5
CVE-2004-0559
http://www.webmin.com/changes-1.160.html
|
12b7286f-16a2-11dc-b803-0016179b2dd5 | webmin -- cross site scripting vulnerability
Secunia reports:
Input passed to unspecified parameters in pam_login.cgi
is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an
affected site.
Discovery 2007-06-01 Entry 2007-06-09 Modified 2010-05-12 webmin
< 1.350
24381
CVE-2007-3156
http://secunia.com/advisories/25580/
http://www.webmin.com/changes-1.350.html
|