Bugtraq mailing list archives

Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit

From: "José Parrella" <joseparrella () gmail com>
Date: Mon, 10 Jul 2006 18:02:44 -0400

On 7/9/06, Alexander Hristov <joffer () gmail com> wrote:

Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
Link : http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html
Date :  2006-06-30
Patch : update to version 1.290
Advisory : http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html


Has anyone tested this? I've just tested this in Webmin 1.180 (Debian
3.1, package revision number 3) and didn't work (I had to explicitly
allow the attacker IP to the miniserv.conf, which is not the default
configuration in Debian and, I think, in Webmin's original tar.gz)

Jose

Current thread:

Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Alexander Hristov (Jul 10)
- Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit José Parrella (Jul 15)
  - Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit str0ke (Jul 18)