Published: 2006/08/31  Last Updated: 2008/05/21

JVN#99776858
Multiple vulnerabilities in Webmin and Usermin

Overview

Webmin and Usermin, web-based system management tools, contain the following vulnerabilities:

  • Execution of arbitrary files and disclosure of source code by bypassing the access restrictions of Webmin and Usermin
  • Cross-site scripting
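The reference below names the mechanism as null character ("%00") handling. The following is an added illustration of that class of flaw, not Webmin or Usermin code: a URL-decoder produces a real NUL byte from "%00", a length-counted check on the decoded string passes, but the NUL-terminated path later handed to the operating system is a different, shorter string. The ".cgi" suffix rule, the function names and the sample request are assumptions chosen for illustration, not the products' actual logic.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Added example, not Webmin/Usermin code. The ".cgi" gate is an
   assumption for illustration, not the products' actual rule. */

enum verdict { REJECT = 0, SERVE_STATIC = 1, EXECUTE = 2 };

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode `in` into `out`. The result is length-counted, so
   "%00" becomes a real NUL byte inside the buffer. Returns the decoded
   length, or -1 if `out` is too small. */
int url_decode(const char *in, char *out, size_t outcap) {
    size_t n = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int c = (unsigned char)in[i];
        if (c == '%' && hexval((unsigned char)in[i + 1]) >= 0
                     && hexval((unsigned char)in[i + 2]) >= 0) {
            c = hexval((unsigned char)in[i + 1]) * 16
              + hexval((unsigned char)in[i + 2]);
            i += 2;
        }
        if (n + 1 >= outcap) return -1;   /* keep room for the terminator */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
}

static int ends_with(const char *buf, int len, const char *suffix) {
    int sl = (int)strlen(suffix);
    return len >= sl && memcmp(buf + len - sl, suffix, sl) == 0;
}

/* Flawed version: the suffix check uses the decoded length, so the
   constructed request "/etc/passwd%00.cgi" is classified as a script,
   while any later open()/stat() on `path` sees only "/etc/passwd". */
enum verdict classify_naive(const char *raw, char *path, size_t cap) {
    int len = url_decode(raw, path, cap);
    if (len < 0 || path[0] != '/') return REJECT;
    return ends_with(path, len, ".cgi") ? EXECUTE : SERVE_STATIC;
}

/* Hardened version: refuse any request whose decoded form contains a
   byte the OS path layer cannot represent, then apply the same rule. */
enum verdict classify_safe(const char *raw, char *path, size_t cap) {
    int len = url_decode(raw, path, cap);
    if (len < 0 || path[0] != '/') return REJECT;
    if ((int)strlen(path) != len) return REJECT;   /* embedded NUL */
    return ends_with(path, len, ".cgi") ? EXECUTE : SERVE_STATIC;
}

int main(void) {
    char path[256];
    const char *attack = "/etc/passwd%00.cgi";   /* constructed sample request */
    enum verdict v = classify_naive(attack, path, sizeof path);
    printf("naive: verdict=%d, path seen by OS=\"%s\"\n", v, path);
    v = classify_safe(attack, path, sizeof path);
    printf("safe:  verdict=%d\n", v);
    return 0;
}
```

The point of the hardened check is that the comparison `strlen(path) != len` detects the mismatch between what the application inspected and what the C runtime will pass to the kernel; rejecting the request there is simpler and safer than trying to reason about which component truncates first.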

Products Affected

  • Webmin 1.290 and earlier
  • Usermin 1.220 and earlier
We are aware that these vulnerabilities have been addressed in Webmin development version 1.297 and Usermin development version 1.226, as of August 31, 2006. Please refer to "Development Versions of Webmin and Usermin" on the vendor's website for information on the latest versions of the software.

Description

Impact

A remote attacker could do the following:

  • Obtain Webmin and Usermin configuration information
  • Execute an arbitrary script in the user's web browser
  • Possibly hijack a session if session information held in a cookie is leaked

Solution

References

  1. LAC
    Webmin/Usermin Null Character "%00" Handling Vulnerability

JPCERT/CC Addendum

Credit

Keigo Yamazaki of LAC Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JVN iPedia JVNDB-2006-000939

Update History