SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Webmin Vendors:   Cameron, Jamie
Webmin for Windows Error in Parsing '\' Backslash Character Permits Directory Traversal Attacks
SecurityTracker Alert ID:  1016375
SecurityTracker URL:  http://securitytracker.com/id/1016375
CVE Reference:   CVE-2006-3274   (Links to External Site)
Updated:  May 11 2009
Original Entry Date:  Jun 26 2006
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.270 and prior versions
Description:   A vulnerability was reported in Webmin. A remote user can view files on the target system.

The software does not properly validate user-supplied input that contains the '\' backslash character. A remote user can supply a specially crafted request to view files on target system that are located outside of the public directory.

Keigo Yamazaki (LAC) discovered this vulnerability.

The original advisory is available at:

http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html

Impact:   A remote user can view files on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.webmin.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)
Underlying OS Comments:  Only the Windows version is affected.

Message History:   None.


 Source Message Contents

Subject:  [SNS Advisory No.88] Webmin Directory Traversal Vulnerability

----------------------------------------------------------------------
SNS Advisory No.88
Webmin Directory Traversal Vulnerability

Problem first discovered on: Sun, 04 Jun 2006
Published on: Fri, 23 Jun 2006
----------------------------------------------------------------------

Severity Level:
---------------
  Medium

Overview:
---------
  Webmin for Windows contains directory traversal vulnerability that
  allows remote attackers to download arbitrary files without authentication. 

Problem Description:
--------------------
  Webmin is a web-based system administration tool for Unix, MacOS X and
  Windows platform.

  Webmin 1.270 and earlier versions does not properly handle "\" (backslash).
  On Windows platform, this allows attackers to access outside of the public 
  directory and files.

  In default configurations of Webmin, it is required authentication to
  access almost directories under top page. But there are some directories
  where is not required authentication to access. For example, the directory 
  which stores the image used before login.

  Therefore, by exploiting directory traversal vulnerability from these 
  directories, the vulnerability allows remote attackers to download the 
  contents of arbitrary files without authentication.

Affected Versions:
------------------
  Webmin (on Windows) Version 1.270 and earlier versions

Solution:
---------
  This problem can be addressed by upgrading Webmin to 1.280 or later.

  http://www.webmin.com/ 

Discovered by:
--------------
  Keigo Yamazaki (LAC) 

Thanks to:
----------
This SNS Advisory is being published in coordination with Information-technology 
Promotion Agency, Japan (IPA) and JPCERT/CC. 

  http://jvn.jp/jp/JVN%2367974490/index.html
  http://www.ipa.go.jp/security/vuln/documents/2006/JVN_67974490_webmin.html 

Disclaimer:
-----------
  The information contained in this advisory may be revised without prior
  notice and is provided as it is. Users shall take their own risk when
  taking any actions following reading this advisory. LAC Co., Ltd.
  shall take no responsibility for any problems, loss or damage caused
  by, or by the use of information provided here.

  This advisory can be found at the following URL:
  http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html
----------------------------------------------------------------------


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC