SANS ISC: Webmin Input Validation Vulnerabilities - SANS Internet Storm Center SANS ISC InfoSec Forums


Webmin Input Validation Vulnerabilities

If you are using Webmin within your network to administer Unix services, you should consider upgrading to the latest version, 1.590 (which includes 2 patches), because input validation vulnerabilities have been reported in versions prior to and including 1.580. The latest version can be downloaded here [2], or the update can be done directly in Webmin (via the menu Webmin, Webmin Configuration, Upgrade Webmin).

CVE-2012-2981 - Improper Input Validation
CVE-2012-2982 - Improper Neutralization of Special Elements used in a Command
CVE-2012-2983 - Improper Limitation of a Pathname to a Restricted Directory

[1] http://www.kb.cert.org/vuls/id/788478
[2] http://www.webmin.com/download.html

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Webmin 1.5.90 was released June 30 so I think this is late news?
Anonymous
Posts
Sot, updated the diary with correct link to patched version.
Guy

418 Posts
ISC Handler
