Webmin Directory Traversal Vulnerability

Secunia Advisory: SA20777
Release Date: 2006-06-23
Last Update: 2006-06-30
Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: Webmin 1.x
CVE reference: CVE-2006-3274

Description: Keigo Yamazaki has reported a vulnerability in Webmin, which can be exploited by malicious people to disclose potentially sensitive information.
The vulnerability is caused by an input validation error in the handling of URL requests containing the backslash "\" character. This can be exploited to gain access to arbitrary files on a Windows system via directory traversal attacks.
Successful exploitation requires that Webmin is used on the Windows platform.
The vulnerability has been reported in version 1.270 and prior.
Solution: Update to version 1.280.
http://www.webmin.com/
Provided and/or discovered by: Keigo Yamazaki, Little eArth Corporation (LAC).
Changelog: 2006-06-23: Updated "Description", "Original Advisory" and credit sections.
2006-06-30: Added CVE reference.
Original Advisory: Little eArth Corporation (LAC):
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html
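
The backslash handling described in the Description, as an added example that is not Webmin's code and not part of the Secunia advisory: a check that splits only on "/" accepts a request whose ".." components are separated by "\", while normalising both separators before validation rejects it. The function names, document root and request paths are constructed for illustration.

```python
import ntpath
from urllib.parse import unquote


def naive_is_safe(url_path: str) -> bool:
    """Illustrative flawed check: only '/' is treated as a path separator."""
    return ".." not in url_path.split("/")


def resolve_under_root(docroot: str, url_path: str):
    """Map a request path to a Windows file path, or None if it leaves docroot."""
    decoded = unquote(url_path)            # %5c decodes to a backslash
    unified = decoded.replace("\\", "/")   # Windows accepts both separators
    parts = [p for p in unified.split("/") if p not in ("", ".")]
    # Reject parent references and drive / alternate-stream syntax outright.
    if any(p == ".." or ":" in p for p in parts):
        return None
    root = ntpath.normpath(docroot)
    candidate = ntpath.normpath(ntpath.join(root, *parts))
    # Second check: the resolved path must still sit under the root.
    if ntpath.commonpath([root, candidate]).lower() != root.lower():
        return None
    return candidate


# Constructed document root and sample requests (not taken from the advisory).
DOCROOT = r"C:\webmin"
SAMPLES = [
    "/images/logo.gif",
    "/images/../secret.txt",
    "/images/..\\..\\secret.txt",
    "/images/..%5c..%5csecret.txt",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:36} naive_ok={naive_is_safe(path)!s:5} "
              f"resolved={resolve_under_root(DOCROOT, path)}")
```
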
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.