exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

snsadv074.txt

snsadv074.txt
Posted Jun 14, 2004
Authored by Keigo Yamazaki

Webmin version 1.140, a web-based system administration tool for Unix, has a vulnerability that allow users to gain read access to the configuration of a module without authentication.

tags | advisory, web
systems | unix
SHA-256 | 832e4e216b40d2258786e8d36c494b2dff9a4983cb87e9a3c826f970fdbdccea

snsadv074.txt

Change Mirror Download
----------------------------------------------------------------------
SNS Advisory No.74
Webmin Access Control Rule Bypass Vulnerability

Problem first discovered on: Sun, 11 Apr 2004
Published on: Fri, 11 Jun 2004
----------------------------------------------------------------------

Overview:
---------
Webmin is prone to a vulnerability that allows attackers to read
module settings.


Problem Description:
--------------------
Webmin is a web-based system administration tool for Unix.

A vulnerability exists that could allow users to gain read access to
the configuration of a module used by Webmin without authentication.


Tested Versions:
----------------
Webmin Version 1.140


Solution:
---------
This problem can be eliminated by upgrading to Webmin version 1.150,
which is available at:

http://www.webmin.com/


Discovered by:
--------------
Keigo Yamazaki


Acknowledgements:
-----------------

Thanks to:
Mr. Jamie Cameron


Disclaimer:
-----------
The information contained in this advisory may be revised without prior
notice and is provided as it is. Users shall take their own risk when
taking any actions following reading this advisory. LAC Co., Ltd. shall
take no responsibility for any problems, loss or damage caused by, or by
the use of information provided here.

This advisory can be found at the following URL:
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/

Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close