VID 22417
Severity 30
Port 10000
Protocol TCP
Class WWW
Detailed Description The Webmin/Usermin web interface is affected by a directory traversal vulnerability in the miniserv.pl Perl web server. Webmin is a web-based system administration tool for Unix and Linux operating systems, and Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Webmin versions prior to 1.290 and Usermin versions prior to 1.220 are affected. By sending a specially crafted URL request containing "dot dot" sequences (/..%01), a remote attacker could traverse directories and read arbitrary files on the affected host without a valid login.

* References:
http://www.webmin.com/changes-1.290.html
http://www.webmin.com/uchanges-1.220.html
http://secunia.com/advisories/20892/

* Platforms Affected:
Usermin Project, Usermin versions prior to 1.220
Webmin Project, Webmin versions prior to 1.290
Unix Any version
Linux Any version
Recommendation Upgrade to the latest version of Webmin / Usermin (Webmin 1.290 / Usermin 1.220 or later), available from the Webmin Web site at http://www.webmin.com/webmin/
Related URL CVE-2006-3392 (CVE)
Related URL 18744 (SecurityFocus)
Related URL (ISS)
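
A log check for the "/..%01" request pattern described above, as an added example that is not part of the original advisory or of Webmin's code. It assumes the access log carries a Common Log Format style quoted request field, the sample lines are constructed, and it goes slightly beyond the literal string by flagging any ".." path segment padded with control bytes.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: each log line holds a quoted request field, e.g. "GET /path HTTP/1.0".
REQUEST_RE = re.compile(rb'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
CONTROL_BYTES = bytes(range(0x20)) + b"\x7f"

# Constructed sample lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    b'192.0.2.10 - - [01/Jul/2006:10:00:01 +0000] "GET /index.cgi HTTP/1.1" 200 2311',
    b'192.0.2.77 - - [01/Jul/2006:10:00:09 +0000] "GET /x/..%01/..%01/example.txt HTTP/1.0" 200 512',
    b'192.0.2.77 - - [01/Jul/2006:10:00:12 +0000] "GET /x/%2e%2e%01/example.txt HTTP/1.0" 404 0',
    b'192.0.2.10 - - [01/Jul/2006:10:01:30 +0000] "GET /images/logo..v2.gif HTTP/1.1" 200 900',
]


def is_traversal_attempt(raw_path: bytes) -> bool:
    """True if the path has a '..' segment once control bytes are ignored."""
    path = raw_path.split(b"?", 1)[0]              # drop the query string
    decoded = unquote_to_bytes(path)               # %01 -> 0x01, %2e -> '.'
    stripped = decoded.translate(None, CONTROL_BYTES)
    # Compare whole segments so names like 'logo..v2.gif' are not flagged.
    return b".." in re.split(rb"[/\\]", stripped)


def scan(lines):
    """Return (line_number, request_path) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match.group(1)):
            hits.append((number, match.group(1).decode("ascii", "replace")))
    return hits


if __name__ == "__main__":
    for number, path in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious request path {path}")
```

A hit with a 200 status on a host running a version older than those listed above is worth treating as a possible file disclosure and reviewing alongside the upgrade.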