BugTraq
Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Jul 09 2006 01:57PM
Alexander Hristov (joffer gmail com) (1 replies)
Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Jul 10 2006 10:02PM
José Parrella (joseparrella gmail com) (1 replies)
On 7/9/06, Alexander Hristov <joffer (at) gmail (dot) com [email concealed]> wrote:
> Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
> Link : http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploi
t.html
> Date : 2006-06-30
> Patch : update to version 1.290
> Advisory : http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln
.html

Has anyone tested this? I've just tested this in Webmin 1.180 (Debian
3.1, package revision number 3) and didn't work (I had to explicitly
allow the attacker IP to the miniserv.conf, which is not the default
configuration in Debian and, I think, in Webmin's original tar.gz)

Jose

[ reply ]
Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Jul 15 2006 08:29PM
str0ke (str0ke milw0rm com)


 

Privacy Statement
Copyright 2010, SecurityFocus