<<< Date Index >>>     <<< Thread Index >>>

Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit



Jose,

It works just fine.  Tested on 7 test-bed hosts without an issue.

/str0ke

On 7/10/06, José Parrella <joseparrella@xxxxxxxxx> wrote:
On 7/9/06, Alexander Hristov <joffer@xxxxxxxxx> wrote:
> Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
> Link : 
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html
> Date :  2006-06-30
> Patch : update to version 1.290
> Advisory : 
http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html

Has anyone tested this? I've just tested this in Webmin 1.180 (Debian
3.1, package revision number 3) and didn't work (I had to explicitly
allow the attacker IP to the miniserv.conf, which is not the default
configuration in Debian and, I think, in Webmin's original tar.gz)

Jose