• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.
 

Webmin - Read Mail Module Hardlink Arbitrary File Access

Started by Kailash, January 30, 2015, 10:26:16 AM

Kailash

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can set up user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely.

Vulnerability Description:

It is possible for a malicious user to view any file on the server, including root owned files, by creating a hardlink under the user accessible mail directory which will then be rendered within Webmin.

Impact:

This vulnerability is rated as HIGH due to the fact that sensitive information can be obtained.

Vulnerable Version:

This vulnerability was tested against Webmin 1.720.

Fixed Version:


This vulnerability was patched in Webmin 1.730.
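
Added example (not part of the original post, and not Webmin's own fix): a hard link shares its target's inode, so a link to a root-owned file still shows root as owner and a link count above 1. The Python code below uses that to audit a mail directory and to refuse such files before rendering them; the function names and the `expected_uid` parameter are assumptions made for illustration.

```python
import os
import stat


def unsafe_reason(st, expected_uid):
    """Return why a file must not be rendered as this user's mail, or None."""
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_uid != expected_uid:
        return f"owned by uid {st.st_uid}, expected {expected_uid}"
    if st.st_nlink > 1:
        # Can be legitimate (some mail software links messages between
        # folders), so treat it as a review item rather than proof of abuse.
        return f"hard link count is {st.st_nlink}"
    return None


def read_mail_file(path, expected_uid):
    """Open first, then check the open descriptor, so the file cannot be
    swapped between the check and the read."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    with os.fdopen(fd, "rb") as fh:
        reason = unsafe_reason(os.fstat(fh.fileno()), expected_uid)
        if reason:
            raise PermissionError(f"{path}: {reason}")
        return fh.read()


def audit_mail_dir(mail_dir, expected_uid):
    """Walk a mail directory and return (path, reason) for suspicious entries."""
    findings = []
    for root, _dirs, files in os.walk(mail_dir, followlinks=False):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "symbolic link"))
                continue
            reason = unsafe_reason(st, expected_uid)
            if reason:
                findings.append((path, reason))
    return findings
```

On Linux, the `fs.protected_hardlinks` sysctl additionally stops users from creating hard links to files they do not own and cannot both read and write.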