Bugtraq mailing list archives
Re: Webmin Doesn't Clean Env (root exploit)
From: Eugene Tsyrklevich <eugene () securityarchitects com>
Date: Mon, 28 May 2001 12:43:13 -0700
I have also found several security bugs in the older webmin releases (< 0.82). If you are still running an older version, you are _strongly_ recommended to upgrade. Some of the bugs found included execution of arbitrary commands and arbitrary directory traversals. The bugs were fixed in webmin 0.82. eugene On Sat, May 26, 2001 at 04:55:35PM -0400, J. Nick Koston wrote:
Not sure if this is known, however I know I've seen quite a few people still using webmin 0.84. Webmin doesn't seem to clean the env properly when starting apache (probably in other cases as well) It leaves the var HTTP_AUTHORIZATION set. All you need to do is run it though a mime 64 decode and you have the login and password to webmin. (it also leaves SERVER_PORT set so there should be no problem figuring out where the webmin is) You can best see the effects by: 1. Kill Apache 2. Start Apache will webmin 3. Goto a <?php phpinfo() ?> page and look at the vars The good news is that webmin 0.85 doesn't seem to have this problem because if doesn't use the same type of auth. This only seems to affect webmin 0.84 and earlier. Nick
Current thread:
- Webmin Doesn't Clean Env (root exploit) J. Nick Koston (May 28)
- Re: Webmin Doesn't Clean Env (root exploit) Marcus Meissner (May 29)
- Re: Webmin Doesn't Clean Env (root exploit) Eugene Tsyrklevich (May 30)