• info
• discussion
• exploit
• solution
• references

Webmin Environment Variable Information Disclosure Vulnerability

Solution:
This issue only affects versions 0.84 and earlier.

These versions should be upgraded to version 0.85.

Caldera:

Vulnerable Versions

System Package
-----------------------------------------------------------
OpenLinux 2.3 not vulnerable

OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder webmin-0.749-7

OpenLinux eDesktop 2.4 All packages previous to
webmin-0.78-11

OpenLinux 3.1 Server All packages previous to
webmin-0.87-2

OpenLinux 3.1 Workstation All packages previous to
webmin-0.87-2


Webmin Webmin 0.5 x

• Caldera OpenLinux 3.1 Server webmin-0.87-2.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/


• Caldera OpenLinux eDesktop 2.4 webmin-0.78-11.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/


• Caldera OpenLinux eServer 2.3.1 and eBuilder webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/


• Caldera webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/webmin-0.74 9-7.i386.rpm

Webmin Webmin 0.6

• Caldera OpenLinux 3.1 Server webmin-0.87-2.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/


• Caldera OpenLinux eDesktop 2.4 webmin-0.78-11.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/


• Caldera OpenLinux eServer 2.3.1 and eBuilder webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/


• Caldera webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/webmin-0.74 9-7.i386.rpm


• Mandrake 1.0.1 webmin-0.84-7.3mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/1 .0.1/RPMS/webmin-0.84-7.3mdk.noarch.rpm


• Mandrake 7.1 webmin-0.84-1.2mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/7 .1/RPMS/webmin-0.84-7.3mdk.noarch.rpm

Webmin Webmin 0.7

• Caldera OpenLinux 3.1 Server webmin-0.87-2.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/


• Caldera OpenLinux eDesktop 2.4 webmin-0.78-11.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/


• Caldera OpenLinux eServer 2.3.1 and eBuilder webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/


• Caldera webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/webmin-0.74 9-7.i386.rpm


• Mandrake 1.0.1 webmin-0.84-7.3mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/1 .0.1/RPMS/webmin-0.84-7.3mdk.noarch.rpm


• Mandrake 7.1 webmin-0.84-1.2mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/7 .1/RPMS/webmin-0.84-7.3mdk.noarch.rpm

Webmin Webmin 0.8.3

• Caldera OpenLinux 3.1 Server webmin-0.87-2.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/


• Caldera webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/webmin-0.74 9-7.i386.rpm


• Mandrake 1.0.1 webmin-0.84-7.3mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/1 .0.1/RPMS/webmin-0.84-7.3mdk.noarch.rpm


• Mandrake 7.1 webmin-0.84-1.2mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/7 .1/RPMS/webmin-0.84-7.3mdk.noarch.rpm


• Mandrake 7.2 webmin-0.84-1.1mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ webmin-0.84-1.1mdk.noarch.rpm

Webmin Webmin 0.8.4

• Caldera OpenLinux 3.1 Server webmin-0.87-2.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/


• Caldera webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/webmin-0.74 9-7.i386.rpm


• Mandrake 1.0.1 webmin-0.84-7.3mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/1 .0.1/RPMS/webmin-0.84-7.3mdk.noarch.rpm


• Mandrake 7.1 webmin-0.84-1.2mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/7 .1/RPMS/webmin-0.84-7.3mdk.noarch.rpm

Webmin Webmin 0.80

• Caldera OpenLinux 3.1 Server webmin-0.87-2.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/


• Caldera webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/webmin-0.74 9-7.i386.rpm


• Mandrake 1.0.1 webmin-0.84-7.3mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/1 .0.1/RPMS/webmin-0.84-7.3mdk.noarch.rpm


• Mandrake 7.1 webmin-0.84-1.2mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/7 .1/RPMS/webmin-0.84-7.3mdk.noarch.rpm

Webmin Webmin 0.85

• Caldera OpenLinux 3.1 Server webmin-0.87-2.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/


• Caldera webmin-0.749-7.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/webmin-0.74 9-7.i386.rpm


• Mandrake 1.0.1 webmin-0.84-7.3mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/1 .0.1/RPMS/webmin-0.84-7.3mdk.noarch.rpm


• Mandrake 7.1 webmin-0.84-1.2mdk.noarch.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/current/updates/7 .1/RPMS/webmin-0.84-7.3mdk.noarch.rpm