Release date:
Updated on:
Affected Systems:
Webmin <= 1.590
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55446
Cve id: CVE-2012-2981
Webmin is a Web interface for managing Unix systems. You can use any browser to set user accounts, Apache, DNS, DNS, file sharing, and others.
Webmin 1.590 and earlier versions have security vulnerabilities. Remote users who pass identity authentication can execute arbitrary Perl commands through special files related to type parameters.
<* Source: American Information Security Group
Link: http://www.kb.cert.org/vuls/id/788478
Http://www.exploit-db.com/exploits/21851/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Webmin
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.webmin.com/webmin/