Webmin / Usermin Installation Insecure Temporary File Creation Vulnerability

Webmin / Usermin Installation Insecure Temporary File Creation Vulnerability

It is reported that Webmin and Usermin create insecure temporary files during installation. The result of this is that temporary files created by the applications may use predictable filenames.

A local attacker may possibly exploit this vulnerability to execute symbolic link file overwrite attacks.

Versions of Usermin prior to version 1.090 are reported prone to this vulnerability. Webmin 1.150 and prior versions are affected as well.