[SNS Advisory No.77] Usermin Remote Arbitrary Shell Command Execution Vulnerability

From: snsadv (snsadv_at_lac.co.jp)
Date: 09/07/04

  • Next message: 3APA3A: "Re: cdrdao local root exploit" 
    Date: Tue, 07 Sep 2004 17:40:53 +0900
To: bugtraq@securityfocus.com

    ----------------------------------------------------------------------
    SNS Advisory No.77
    Usermin Remote Arbitrary Shell Command Execution Vulnerability

    Problem first discovered on: Sun, 11 Apr 2004
    Published on: Tue, 7 Sept 2004
    ----------------------------------------------------------------------

    Severity:
    ---------
    Medium

    Overview:
    ---------
      A vulnerability in Usermin's Web mail function could result in
      arbitrary OS command execution upon viewing a specially crafted
      HTML mail.

    Problem Description:
    --------------------
      Usermin is a web interface that allows all users on a Unix system
      to easily receive mails and to perform SSH and mail forwarding
      configuration.

      A vulnerability exists in Usermin because the module responsible
      for mail transmission fails to sanitize HTML mails including a link
      to another Usermin module. An attacker could take advantage of this
      problem to execute arbitrary OS commands with the privileges of the
      Usermin user.

    Affected Versions:
    ------------------
      Usermin Version 1.070
      Usermin Version 1.080

    Solution:
    ---------
      This problem can be addressed by upgrading Usermin to version 1.090.

        http://www.webmin.com/

    Discovered by:
    --------------
      Keigo Yamazaki

    Acknowledgements:
    -----------------
      Thanks to:

      Mr. Jamie Cameron

    Disclaimer:
    -----------
      The information contained in this advisory may be revised without
      prior notice and is provided as it is. Users shall take their own risk
      when taking any actions following reading this advisory. LAC Co., Ltd.
      shall take no responsibility for any problems, loss or damage caused
      by, or by the use of information provided here.

      This advisory can be found at the following URL:
      Reference:http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html

    ------------------------------------------------------------------
    Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
    Computer Security Laboratory, LAC http://www.lac.co.jp/security/

  • Next message: 3APA3A: "Re: cdrdao local root exploit"
    • Quantcast