Webmin Input Validation Vulnerabilities

Published: 2012-09-08. Last Updated: 2012-09-08 22:19:02 UTC
by Guy Bruneau (Version: 2)
2 comment(s)

If you are using Webmin within your network to administer Unix services, you should consider upgrading to the latest version 1.594 because an input validation vulnerabilities has been reported in version prior to and including 1.580. The latest version can be downloaded here or the update can be done directly in Webmin (Via menu Webmin, Webmin Configuration and Upgrade Webmin).

CVE-2012-2981 - Improper Input Validation
CVE-2012-2982 - Improper Neutralization of Special Elements used in a Command
CVE-2012-2983 - Improper Limitation of a Pathname to a Restricted Directory

[1] http://www.kb.cert.org/vuls/id/788478
[2] http://www.webmin.com/download.html
[3] http://download.webmin.com/devel/tarballs/

Note: Updated link to the latest tarball.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Input Validation Webmin
2 comment(s)

Comments

webmin1.5.90 was released june 30 so I think this is late news?

Sot

Sep 8th 2012
1 decade ago

Sot, updated the diary with correct link to patched version.

Guy

Sep 8th 2012
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives