Package: Webmin Version: 1.180-3 Severity: grave Tags: security The webmin `miniserv.pl' web server component is vulnerable to a new class of exploitable (remote code) perl format string vulnerabilities. During the login process it is possible to trigger this vulnerability via a crafted username parameter containing format string data. In the observed configuration the process was running as the user root, so if remote code execution is successful, it would lead to a full remote root compromise in a standard configuration. A valid login is not required to trigger this vulnerability, only access to the miniserv.pl port (default 10000).
Date Found: September 23, 2005. Public Release: November 29, 2005. Application: webmin miniserv.pl, *all versions below 1.250* Credit: Jack Louis of Dyad Security More information available at: http://www.dyadsecurity.com/webmin-0001.html There are new fixed versions available at http://www.webmin.com/ http://www.webmin.com/security.html says: Perl syslog bug attack Effects Webmin versions below 1.250 and Usermin versions below 1.180, with syslog logging enabled. When logging of failing login attempts via syslog is enabled, an attacker can crash and possibly take over the Webmin webserver, due to a bug in Perl's syslog function. Upgrading to the latest release of Webmin is recommended. Thanks to Jack at Dyad Security for reporting this problem to me. Since this is my first bug report to Debian I hope everything is correct.. I don't know if it is necessary to post this bug for other versions and usermin as well. Thanks in advance! Andreas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]