Published:2006/06/23  Last Updated:2008/05/21

JVN#67974490
Webmin directory traversal vulnerability

Overview

Webmin is a web-based system management tool.
Webmin contains a directory traversal vulnerability which allows to bypass authentication.

Products Affected

  • Webmin 1.280 and earlier
  • Usermin 1.210 and earlier
As of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.

Description

Impact

A remote attacker could view files on the computer without authentication. Private information could be leaked as a result.

Solution

Vendor Status

Vendor Link
webmin Security Alerts

References

  1. Japan Webmin Users Group
    http://jp.webmin.com/modules/news/article.php?storyid=17

JPCERT/CC Addendum

Credit

Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000938

Update History