1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
5 |
Gentoo Linux Security Advisory GLSA 200409-15 |
6 |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
7 |
http://security.gentoo.org/ |
8 |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
9 |
|
10 |
Severity: Normal |
11 |
Title: Webmin, Usermin: Multiple vulnerabilities in Usermin |
12 |
Date: September 12, 2004 |
13 |
Bugs: #63167 |
14 |
ID: 200409-15 |
15 |
|
16 |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
17 |
|
18 |
Synopsis |
19 |
======== |
20 |
|
21 |
A vulnerability in the webmail function of Usermin could be used by an |
22 |
attacker to execute shell code via a specially-crafted e-mail. A bug |
23 |
in the installation script of Webmin and Usermin also allows a local |
24 |
user to execute a symlink attack at installation time. |
25 |
|
26 |
Background |
27 |
========== |
28 |
|
29 |
Webmin and Usermin are web-based system administration consoles. Webmin |
30 |
allows an administrator to easily configure servers and other features. |
31 |
Usermin allows users to configure their own accounts, execute commands, |
32 |
and read e-mail. The Usermin functionality, including webmail, is also |
33 |
included in Webmin. |
34 |
|
35 |
Affected packages |
36 |
================= |
37 |
|
38 |
------------------------------------------------------------------- |
39 |
Package / Vulnerable / Unaffected |
40 |
------------------------------------------------------------------- |
41 |
1 app-admin/usermin < 1.090 >= 1.090 |
42 |
2 app-admin/webmin < 1.160 >= 1.160 |
43 |
------------------------------------------------------------------- |
44 |
2 affected packages on all of their supported architectures. |
45 |
------------------------------------------------------------------- |
46 |
|
47 |
Description |
48 |
=========== |
49 |
|
50 |
There is an input validation bug in the webmail feature of Usermin. |
51 |
|
52 |
Additionally, the Webmin and Usermin installation scripts write to |
53 |
/tmp/.webmin without properly checking if it exists first. |
54 |
|
55 |
Impact |
56 |
====== |
57 |
|
58 |
The first vulnerability allows a remote attacker to inject arbitrary |
59 |
shell code in a specially-crafted e-mail. This could lead to remote |
60 |
code execution with the privileges of the user running Webmin or |
61 |
Usermin. |
62 |
|
63 |
The second could allow local users who know Webmin or Usermin is going |
64 |
to be installed to have arbitrary files be overwritten by creating a |
65 |
symlink by the name /tmp/.webmin that points to some target file, e.g. |
66 |
/etc/passwd. |
67 |
|
68 |
Workaround |
69 |
========== |
70 |
|
71 |
There is no known workaround at this time. |
72 |
|
73 |
Resolution |
74 |
========== |
75 |
|
76 |
All Usermin users should upgrade to the latest version: |
77 |
|
78 |
# emerge sync |
79 |
|
80 |
# emerge -pv ">=app-admin/usermin-1.090" |
81 |
# emerge ">=app-admin/usermin-1.090" |
82 |
|
83 |
All Webmin users should upgrade to the latest version: |
84 |
|
85 |
# emerge sync |
86 |
|
87 |
# emerge -pv ">=app-admin/webmin-1.160" |
88 |
# emerge ">=app-admin/webmin-1.160" |
89 |
|
90 |
References |
91 |
========== |
92 |
|
93 |
[ 1 ] Secunia Advisory SA12488 |
94 |
http://secunia.com/advisories/12488/ |
95 |
[ 2 ] Usermin Changelog |
96 |
http://www.webmin.com/uchanges.html |
97 |
|
98 |
Availability |
99 |
============ |
100 |
|
101 |
This GLSA and any updates to it are available for viewing at |
102 |
the Gentoo Security Website: |
103 |
|
104 |
http://security.gentoo.org/glsa/glsa-200409-15.xml |
105 |
|
106 |
Concerns? |
107 |
========= |
108 |
|
109 |
Security is a primary focus of Gentoo Linux and ensuring the |
110 |
confidentiality and security of our users machines is of utmost |
111 |
importance to us. Any security concerns should be addressed to |
112 |
security@g.o or alternatively, you may file a bug at |
113 |
http://bugs.gentoo.org. |
114 |
|
115 |
License |
116 |
======= |
117 |
|
118 |
Copyright 2004 Gentoo Foundation, Inc; referenced text |
119 |
belongs to its owner(s). |
120 |
|
121 |
The contents of this document are licensed under the |
122 |
Creative Commons - Attribution / Share Alike license. |
123 |
|
124 |
http://creativecommons.org/licenses/by-sa/1.0 |
125 |
-----BEGIN PGP SIGNATURE----- |
126 |
Version: GnuPG v1.2.4 (GNU/Linux) |
127 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
128 |
|
129 |
iQEVAwUBQUSoAbDO2aFJ9pv2AQIrDggAuEDR9uz2KNl/7Z0a+kn/wZ0eaf4/gmsS |
130 |
RG6539CXmk9m4HIyz204duru9Qp8LTAhBabOvf4VyofWNtKEhF+Ide5w++4rBkKE |
131 |
mEeD4fCOEr4TUMjVx8qSXjbGSSzGYCREB2PwnHm+G8k3RFaqgtEPmusBr0Kh0WWh |
132 |
UwKGGIuHU5m8LuT1kq7frGDy7zZzbPtOPqp3vkSDsaIQhJckk6cIUlo/qezwrBtg |
133 |
t9oZ8qm1cILR0n+y9IxbBVdZLRwhHoLpBrBI/spJOT2+J7Szl/RRyn78eFtAqjVx |
134 |
G9Ng8RO36Q/JBMdrzNx/zwTEsLTRNi1nkpMFrOMyBNzjTIhZBlZ+Bg== |
135 |
=wprj |
136 |
-----END PGP SIGNATURE----- |