|
Webmin / Usermin Arbitrary File Disclosure Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA20892
|
|
|
Release Date:
|
2006-06-30
|
|
Last Update:
|
2006-07-11
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Usermin 1.x
Webmin 1.x
|
| | CVE reference: | CVE-2006-3392 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to an unspecified error within the handling of an URL. This can be exploited to read the contents of any files on the server via a specially crafted URL, without requiring a valid login.
The vulnerability has been reported in the following versions:
* Webmin versions prior to 1.290.
* Usermin versions prior to 1.220.
Solution:
Update to the fixed versions.
Webmin:
Update to version 1.290.
http://www.webmin.com/
Usermin:
Update to version 1.220.
http://www.webmin.com/index6.html
Provided and/or discovered by:
The vendor credits Kenny Chen.
Changelog:
2006-07-10: Added link to US-CERT vulnerability note.
2006-07-11: Added CVE reference.
Other References:
US-CERT VU#999601:
http://www.kb.cert.org/vuls/id/999601
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
13 Related Secunia Security Advisories, displaying 10
|
|
|
1. Webmin / Usermin "search" Cross-Site Scripting
|
|
2. Webmin Unspecified Command Execution Vulnerability
|
|
3. Webmin / Usermin "pam_login.cgi" Cross-Site Scripting
|
|
4. Webmin / Usermin chooser.cgi Script Insertion Vulnerability
|
|
5. Usermin "shell" Denial of Service Vulnerability
|
|
6. Webmin / Usermin Cross-Site Scripting and Source Code Disclosure
|
|
7. Webmin Directory Traversal Vulnerability
|
|
8. Usermin "miniserv.pl" Perl Format String Vulnerability
|
|
9. Webmin "miniserv.pl" Perl Format String Vulnerability
|
|
10. Webmin / Usermin PAM Authentication Bypass Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
