Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 193674

Summary: app-admin/webmin < 1.370 Unspecified Command Execution Vulnerability
Product: Gentoo Security Reporter: Matt Fleming (RETIRED) <mjf>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: major CC: web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/26885/
Whiteboard: B1 [ebuild]
Package list:
Runtime testing required: ---

Description Matt Fleming (RETIRED) gentoo-dev 2007-09-24 19:29:36 UTC 
A vulnerability has been reported in Webmin, which can be exploited by malicious users to gain escalated privileges.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary commands by requesting a specially crafted URL.

Successful exploitation requires valid user credentials and that Webmin is running on a Windows system.

The vulnerability is reported in versions prior to 1.370.
Comment 1 Matt Fleming (RETIRED) gentoo-dev 2007-09-24 19:32:37 UTC 
Setting whiteboard status and pulling in web-apps for their guidance.

Version 1.370 is in portage but is masked.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-24 19:35:10 UTC 
forget that, it's windows only. sorry for the noise.