作者 主題: 使用webmin的升級到 0.9701吧~  (閱讀 7052 次)

0 會員 與 1 訪客 正在閱讀本文。

myz

  • 活潑的大學生
  • ***
  • 文章數: 433
    • 檢視個人資料
使用webmin的升級到 0.9701吧~
« 於: 2002-05-16 22:34 »
COMMAND
   Webmin/Usermin Session ID Spoofing Vulnerability
SYSTEMS AFFECTED
     Webmin Version: 0.960
     Usermin Version: 0.90
   
PROBLEM
   Keigo Yamazaki of LAC Co.,Ltd [http://www.lac.co.jp/] found :
   
   Webmin is a web-based system administration tool for Unix. Usermin is  a
   web interface that allows all users on a Unix system to  easily  receive
   mails and to perform SSH and mail forwarding configuration.
     
   Internal communication between the parent process and the child  process
   using named pipes occur in these software packages  during  creation  or
   verification of a session ID, or during the setting process of  password
   timeouts. Because the control characters contained in  the  data  passed
   as authentication information are not  eliminated,  it  is  possible  to
   make Webmin and Usermin to acknowledge the combination of any  user  and
   session ID specified by an attacker. If  the  attacker  could  log  into
   Webmin by using this problem, there  is  a  possibility  that  arbitrary
   commands may be executed with root privileges.
   
     [Preconditions for a successful exploit]
   
   In the case of Webmin :
   
     * Webmin->Configuration->Authentication
       "Enable password timeouts" is enabled
     * if a valid Webmin username is known
       by default, user "admin" exists and this user can use all the
       functions, including command shell
   
   In the case of Usermin:
   
     * if password timeout is enabled
     * if a valid Usermin username is known
   
SOLUTION
   This problem can be eliminated by upgrading  to  Webmin  version  0.970/
   Usermin version 0.910, which are available at:
   
   http://www.webmin.com/