Re: Webmin Security Questions

2002-11-18 Thread Meritt James
---Original Message- > > From: Chuck Spafford [mailto:[EMAIL PROTECTED]] > > Sent: Friday, November 15, 2002 10:59 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Webmin Security Questions > > ...skipped... > > > > > > As far as I'm concerned, it&

RE: Webmin Security Questions

2002-11-16 Thread Sergey B. Kamyanov
Best UNIX management tool is /dev/hands :) Regards, Sergey Kamyanov System Administrator R.I.S.K. Co http://www.risk.az > -Original Message- > From: Chuck Spafford [mailto:[EMAIL PROTECTED]] > Sent: Friday, November 15, 2002 10:59 AM > To: [EMAIL PROTECTED] > Subj

Re: Webmin Security Questions

2002-11-16 Thread Chuck Spafford
In-Reply-To: <[EMAIL PROTECTED]> >Have any of you used Webmin > >http://www.webmin.com/ > >I'm looking into webmin software - thought it'd be cool to play with, > but I'm curious about security issues with it. I've been using Webmin to control Solaris and FreeBSD servers for about 8 m

RE: Webmin Security Questions

2002-10-28 Thread Paris E. Stone
Thursday, October 24, 2002 2:04 PM To: Allan Jensen Cc: [EMAIL PROTECTED] Subject: RE: Webmin Security Questions All, Three points: 1-) I have seen remote exploits for webmin that grant shell access due to flaws in the scripts that webmin uses. 2-) Webmin requires an httpd to run. If you

Re: Webmin Security Questions

2002-10-25 Thread Muhammad Faisal Rauf Danka
Refer to this post: http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html And make sure your rpc value is "0" or if it's "2" then user admin and root will be able to do whatever they want, regardless of the permissions assigned (according to the post mentioned above). g

RE: Webmin Security Questions

2002-10-25 Thread Allan Jensen
> -Original Message- > From: ATD [mailto:simon@;snosoft.com] > Sent: 24. oktober 2002 20:04 > To: Allan Jensen > Cc: [EMAIL PROTECTED] > Subject: RE: Webmin Security Questions > > > All, > Three points: > > 1-) I have seen remote exploits f

RE: Webmin Security Questions

2002-10-25 Thread ATD
All, Three points: 1-) I have seen remote exploits for webmin that grant shell access due to flaws in the scripts that webmin uses. 2-) Webmin requires an httpd to run. If you are using webmin to manage your mail server, then you need to run httpd on your web server, which you would not

RE: Webmin Security Questions

2002-10-24 Thread Allan Jensen
> -Original Message- > From: Joe McCray [mailto:joemccray@;hardestworkingmanonline.com] > Sent: 21. oktober 2002 21:49 > To: [EMAIL PROTECTED] > Subject: Webmin Security Questions > > > Have any of you used Webmin > > http://www.webmin.com/ > [...] > Any opinions? Yep - it's a quite

Re: Webmin Security Questions

2002-10-23 Thread ATD
I suppose you could configure webmin so it was secure, but in general I would say it is fairly insecure. On Mon, 2002-10-21 at 15:48, Joe McCray wrote: > Have any of you used Webmin > > http://www.webmin.com/ > > I'm looking into webmin software - thought it'd be cool to play with, but I'm

Re: Webmin Security Questions

2002-10-23 Thread Devdas Bhagat
On 21/10/02 15:48 -0400, Joe McCray wrote: > Have any of you used Webmin > > http://www.webmin.com/ > > I'm looking into webmin software - thought it'd be cool to play with, but > I'm curious about security issues with it. I've never used it before - I > glanced over the website, and didn't se