SNS Advisory No.95
Webmin miniserv.pl Shell Command Injection Vulnerability
Discovered on:10 Jun 2007
Released on:03 Oct 2007
Severity:
High
Overview:
Webmin 1.360 and earlier are vulnerable to OS command injection when running on Windows platforms.
Description:
Webmin is a Web-based system administration tool for UNIX, MacOS X and Windows.
The "miniserv.pl" Web server component, which is capable of running the application, have a vulnerability in handling the argument when launching CGI by using "open" command.
Access to a specially crafted URL indicating CGI to run can trigger the execution of arbitrary operating system commands specified in the URL parameters. (OS Command Injection)
Exploitation of the vulnerability can lead to the following impacts:
- Less-privileged Webmin users escalate their privileges to administrator level.
- Attackers execute arbitrary OS commands on the target server by tricking the legitimate Webmin user into visiting the malicious URL.
Affected Products and Versions:
Webmin (on Windows) 1.360 and earlier
Solution:
The vulnerability can be fixed by updating the software to Webmin 1.370 or later, which are available at: http://www.webmin.com/
Discovered by:
Keigo Yamazaki (LAC)
Thanks to:
This LAC Advisory is released in coordination with Information-technology Promotion Agency, Japan (IPA) and Japan Computer Emargency Response Team Coordination Center (JPCERT/CC.)
http://jvn.jp/jp/JVN%2361208749/index.html
http://www.ipa.go.jp/security/vuln/documents/2007/JVN_61208749.htmlhttp://www.ipa.go.jp/security/vuln/200710_Webmin.html
Disclaimer:
The information contained in this advisory may be revised without prior notice and is provided as is. Users shall take their own risk when taking any actions following reading this advisory. Little eArth Corporation Co., Ltd. shall not be held responsible for any claims, losses or damages caused by the use of information provided here.
This advisory is available at the following URL:
http://www.lac.co.jp/english/advisory/95_e.html
Reference
Category Menu
