exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SNS Advisory 83

SNS Advisory 83
Posted Sep 23, 2005
Authored by Keigo Yamazaki, Little eArth Corporation | Site lac.co.jp

SNS Advisory 83 - A vulnerability that could result in session ID spoofing exists in miniserv.pl, which is a webserver program that is utilized by Webmin and Usermin. Webmin version 1.220 and Usermin version 1.150 are affected.

tags | advisory, spoof
SHA-256 | 4f1c462a6d055766252844ffc3c1e34389177f4019beef3335aa8c2152e47e35

SNS Advisory 83

Change Mirror Download
------------------------------------------------------------------
SNS Advisory No.83
Webmin/Usermin PAM Authentication Bypass Vulnerability

Problem first discovered on: Sun, 04 Sep 2005
Published on: Tue, 20 Sep 2005
------------------------------------------------------------------

Severity Level:
---------------
High


Overview:
---------
A vulnerability that could result in a session ID spoofing exists in
miniserv.pl, which is a webserver program that gets both Webmin and
Usermin to run.


Problem Description:
--------------------
Webmin is a web-based system administration tool for Unix. Usermin
is a web interface that allows all users on a Unix system to easily
receive mails and to perform SSH and mail forwarding configuration.

Miniserv.pl is a webserver program that both Webmin and Usermin
to run. Miniserv.pl carries out named pipe communication between the
parent and the child process during the creation and Confirmation of
effectiveness of a session ID (session used for access control via
the Web).

Miniserv.pl does not check whether metacharacters, such as line feed
or carriage return, are included with user supplied strings during the
PAM(Pluggable Authentication Modules) authentication process.

Exploitation therefore, could make it possible for attackers to bypass
authentication and execute arbitrary command as root.


Tested Versions:
----------------
Webmin Version : 1.220
Usermin Version : 1.150


Solution:
---------
This problem can be eliminated by upgrading to Webmin version 1.230 and
to Usermin version 1.160, which are available at:

http://www.webmin.com/


Discovered by:
--------------
Keigo Yamazaki (LAC)


Thanks to:
----------
This SNS Advisory is being published in coordination with Information-technology
Promotion Agency, Japan (IPA) and JPCERT/CC.

http://jvn.jp/jp/JVN%2340940493/index.html
http://www.ipa.go.jp/security/vuln/documents/2005/JVN_40940493_webmin.html


Disclaimer:
-----------
The information contained in this advisory may be revised without prior
notice and is provided as it is. Users shall take their own risk when
taking any actions following reading this advisory. LAC Co., Ltd.
shall take no responsibility for any problems, loss or damage caused
by, or by the use of information provided here.

This advisory can be found at the following URL:
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html


Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close