Webmin Usermin Remote Command Injection Vulnerability (CVE-2014-3883)

Webmin Usermin Remote Command Injection Vulnerability (CVE-2014-3883)

Release date:
Updated on:

Affected Systems:
WebSphere min Webmin <1.690
Webmin
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68131
CVE (CAN) ID: CVE-2014-3883
 
Webmin is a Web interface for managing Unix systems. You can use any browser to set user accounts, Apache, DNS, DNS, file sharing, and others.
 
A remote command injection vulnerability exists in versions earlier than Webmin 1.600. Attackers can exploit this vulnerability to execute arbitrary OS commands in affected application context.

Install the LAMP \ Vsftpd \ Webmin \ phpMyAdmin service and settings in Ubuntu 13.04

Install Webmin on CentOS

[PPT document] Linux Remote Management Software Webmin

Install Webmin on Ubuntu 12.04 Server

Build a LAMP running environment & Webmin in CentOS
 
<* Source: Keigo Yamazaki (snsadv@lac.co.jp)
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Webmin
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://www.webmin.com/webmin/

This article permanently updates the link address: