Webmin Insecure Directory Permissions Vulnerability
Post #1, 03-23-2002, 03:47 PM, by Homer

Webmin is a web-based interface for system administration of Unix and Linux operating systems.

It has been reported that Webmin, when installed from an RPM, creates the /var/webmin directory with world-readable permissions. If command logging is enabled, it may be possible for a local attacker to read the root user's cookie-based authentication credentials. It may be possible for a local attacker to hijack the Webmin session of the root user with these credentials.

This issue was reported for version 0.92. Earlier versions may also be affected.

The directory /etc/webmin/servers/ is also created with similar insecure permissions. Authentication credentials are also stored in plaintext and may be disclosed as a result of this issue. This vulnerability is described in BugTraq ID 4351 "Webmin Plaintext Authentication Credentials Vulnerability".
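
A defender-side check for the condition described in the post, as an added example that is not part of the original post or of Webmin: it lists everything under the two directories the post names that grants any access to "other" users. The function names are hypothetical, and `lock_down` assumes Webmin runs as root and so does not itself need "other" access to these paths.

```shell
#!/bin/sh
# Added example: audit for world-accessible Webmin state directories.
# The two default paths below are the ones named in the post; pass other
# directories to the functions to check a non-default layout.

# Print every file or directory under the given roots that grants any
# permission bit (read, write, or search/execute) to "other" users.
audit_world_access() {
    for root in "$@"; do
        [ -e "$root" ] || continue      # path absent on this host: skip it
        # -perm -00N matches entries that have that "other" bit set.
        find "$root" \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -print 2>/dev/null
    done
}

# Mitigation (assumption: Webmin runs as root and needs no "other"
# access here): strip all "other" permissions below the given roots.
lock_down() {
    for root in "$@"; do
        [ -e "$root" ] || continue
        chmod -R o-rwx "$root"
    done
}

# Report on the directories named in the post.
findings=$(audit_world_access /var/webmin /etc/webmin/servers)
if [ -n "$findings" ]; then
    echo "World-accessible Webmin paths:"
    echo "$findings"
else
    echo "No world-accessible entries under /var/webmin or /etc/webmin/servers"
fi
```

Any path the audit prints is readable, writable or traversable by every local account; review it before running `lock_down` on the same directories.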
 
 
 