[Am-info] Webmin local privilege escalation
Fred A. Miller
fm@cupserv.org
Fri, 29 Mar 2002 15:16:03 -0500
Webmin local privilege escalation
The Webmin administrative CGI suite version 0.92-1 distributed in
various RPMs incorrectly sets permissions on the /var/webmin directory,
thereby allowing a local attacker to recover session IDs and log in
with root status.
This vulnerability is confirmed and fixed in version 0.93.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-03/0245.html
--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
--- SuSE Linux v7.3 Pro---
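
A way to check a host for the permission problem described in the advisory, as an added example that is not part of the original post and is not Webmin code. Only the path /var/webmin comes from the advisory; the function name and exit codes are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Webmin code. /var/webmin is the directory named in the
# advisory; the function name and exit statuses are assumptions.

# audit_state_dir [DIR]
# Lists every entry at or below DIR whose mode grants any permission bit to
# group or other, so that session data stored there is reachable by local
# accounts other than the owner.
# Exit status: 0 = clean, 1 = findings printed, 2 = DIR not found.
audit_state_dir() {
    dir=${1:-/var/webmin}
    if [ ! -d "$dir" ]; then
        echo "audit_state_dir: $dir is not a directory" >&2
        return 2
    fi
    # Symlinks are skipped: their own mode bits are not what the kernel
    # enforces. Each "-perm -NNN" test matches when that one bit is set,
    # which keeps the expression within POSIX find.
    findings=$(find "$dir" ! -type l \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -exec ls -ld {} +)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage (run as root so every subdirectory can be traversed):
#   audit_state_dir              # checks /var/webmin
#   audit_state_dir /some/dir    # checks another directory
```

An exit status of 1 on a host still running the affected package means entries under the directory are accessible to accounts other than the owner; the advisory gives version 0.93 as the fix.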