You are here

U-254: Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files

September 10, 2012 - 6:00am

Addthis

PROBLEM:

Webmin Multiple Input Validation Vulnerabilities

PLATFORM:

The vulnerabilities are reported in version 1.580. Other versions may also be affected.

ABSTRACT:

An authenticated attacker may be able to execute arbitrary commands.

reference LINKS:

Webmin Security Alerts
Bugtraq ID:  55446  
Secunia Advisory SA50512
SecurityTracker Alert ID:  1027507
US CERT Vulnerability Note VU#788478
CVE-2012-2981
CVE-2012-2982
CVE-2012-2983

IMPACT ASSESSMENT:

Medium

Discussion:

Multiple vulnerabilities have been reported in Webmin, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose certain sensitive information.

1) Input passed via monitor type name is not properly sanitised in edit_mon.cgi and save_mon.cgi. This can be exploited to inject and execute arbitrary Perl code.

2) Input passed via the path info to show.cgi is not properly sanitised before being used in a "open()" function call. This can be exploited to inject and execute arbitrary shell commands.

3) Input passed via the "file" parameter to edit_html.cgi is not properly verified before being used to read files. This can be exploited to read arbitrary files from local resources.

Impact:

Remote authenticated users can execute arbitrary code and view arbitrary files.

Solution:

The vendor has issued a fix.

https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e

https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213

https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80
 

Addthis