[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit

To: "Alexander Hristov" <joffer@xxxxxxxxx>
Subject: Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
From: "José Parrella" <joseparrella@xxxxxxxxx>
Date: Mon, 10 Jul 2006 18:02:44 -0400

On 7/9/06, Alexander Hristov <joffer@xxxxxxxxx> wrote:

Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
Link : 
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html
Date :  2006-06-30
Patch : update to version 1.290
Advisory : 
http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html


Has anyone tested this? I've just tested this in Webmin 1.180 (Debian
3.1, package revision number 3) and didn't work (I had to explicitly
allow the attacker IP to the miniserv.conf, which is not the default
configuration in Debian and, I think, in Webmin's original tar.gz)

Jose

Follow-Ups:
- Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
  - From: str0ke

References:
- Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
  - From: Alexander Hristov

Prev by Date: [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file
Next by Date: Phorum 5.1.14 XSS SQL injection Vulnerability
Previous by thread: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
Next by thread: Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
Index(es):
- Date
- Thread