193674 – app-admin/webmin < 1.370 Unspecified Command Execution Vulnerability

Bug 193674 - app-admin/webmin < 1.370 Unspecified Command Execution Vulnerability

Summary: app-admin/webmin < 1.370 Unspecified Command Execution Vulnerability

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/26885/
Whiteboard:	B1 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2007-09-24 19:29 UTC by Matt Fleming (RETIRED)
Modified:	2007-09-24 19:35 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Fleming (RETIRED) gentoo-dev

2007-09-24 19:29:36 UTC

A vulnerability has been reported in Webmin, which can be exploited by malicious users to gain escalated privileges.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary commands by requesting a specially crafted URL.

Successful exploitation requires valid user credentials and that Webmin is running on a Windows system.

The vulnerability is reported in versions prior to 1.370.

Comment 1 Matt Fleming (RETIRED) gentoo-dev

2007-09-24 19:32:37 UTC

Setting whiteboard status and pulling in web-apps for their guidance.

Version 1.370 is in portage but is masked.

Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-09-24 19:35:10 UTC

forget that, it's windows only. sorry for the noise.