Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: re: webmin remote format string bug

From: Dave Aitel <dave () immunitysec com>
Date: Thu, 01 Dec 2005 16:10:33 -0500
This is exploitable - Immunity has a PoC exploit in our Partner's section written by Bas Alberts. 

Thanks,
Dave Aitel
Immunity, Inc.


craig () freenet de wrote:

Hello!
I succeeded in crashing webmin 1.230 with:

username %n
password aaaa

after klicking 4 times on "Login" webmin was dead.
There were no logs at all, and no error was shown in the web interface...
Any idea if it's really exploitable (executing code I mean)? Is anyone working on a POC?

giarc () freeet de





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: