Medium

 

Webmin for Windows contains directory traversal vulnerability that allows remote attackers to download arbitrary files without authentication.

 

Webmin is a web-based system administration tool for Unix, MacOS X and Windows platform.

Webmin 1.270 and earlier versions does not properly handle "\" (backslash). On Windows platform, this allows attackers to access outside of the public directory and files.

In default configurations of Webmin, it is required authentication to access almost directories under top page. But there are some directories where is not required authentication to access. For example, the directory which stores the image used before login.

Therefore, by exploiting directory traversal vulnerability from these directories, the vulnerability allows remote attackers to download the contents of arbitrary files without authentication.

 

Webmin (on Windows) Version 1.270 and earlier versions

 

This problem can be addressed by upgrading Webmin to 1.280 or later.

 

Keigo Yamazaki (LAC)

 

This LAC Advisory is released in coordination with Information-technology Promotion Agency, Japan (IPA) and Japan Computer Emargency Response Team Coordination Center (JPCERT/CC.)

http://jvn.jp/jp/JVN%2367974490/index.html


 

The information contained in this advisory may be revised without prior notice and is provided as is. Users shall take their own risk when taking any actions following reading this advisory. Little eArth Corporation Co., Ltd. shall not be held responsible  for any claims, losses or damages caused by the use of information provided here.