Bugtraq mailing list archives
Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
From: "José Parrella" <joseparrella () gmail com>
Date: Mon, 10 Jul 2006 18:02:44 -0400
On 7/9/06, Alexander Hristov <joffer () gmail com> wrote:
Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Link : http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html Date : 2006-06-30 Patch : update to version 1.290 Advisory : http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html
Has anyone tested this? I've just tested this in Webmin 1.180 (Debian 3.1, package revision number 3) and didn't work (I had to explicitly allow the attacker IP to the miniserv.conf, which is not the default configuration in Debian and, I think, in Webmin's original tar.gz) Jose
Current thread:
- Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Alexander Hristov (Jul 10)
- Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit José Parrella (Jul 15)