Usermin Installation .webmin Symlink Privilege Escalation

2004-09-05T00:00:00
ID OSVDB:9775
Type osvdb
Reporter OSVDB
Modified 2004-09-05T00:00:00

Description

Vulnerability Description

Usermin contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the /tmp/.webmin directory has been created prior to installation. It is possible for a malicious user to create a symlink to any other file on the system, which would be overwritten when Usermin writes to the link filename, resulting in a loss of integrity.
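The defensive counterpart to the flaw described above, as an added example (not Usermin's code and not the vendor's fix): a writer that validates a pre-existing scratch directory and never writes through an existing entry. The function name `safe_write` and its parameters are hypothetical, and a POSIX system is assumed.

```python
import os
import stat


def safe_write(dirpath, name, data, expected_uid=None):
    """Write data to a NEW file `name` inside scratch directory `dirpath`.

    Hypothetical helper. Refuses a directory that is a symlink, is owned by
    another user, or is writable by group/others, and refuses to write
    through an existing entry such as a planted symlink.
    """
    if os.path.basename(name) != name:
        raise ValueError("name must be a single path component")
    uid = os.geteuid() if expected_uid is None else expected_uid
    try:
        os.mkdir(dirpath, 0o700)  # normal case: we create the directory
    except FileExistsError:
        pass  # pre-existing: validated below before anything is written

    # O_NOFOLLOW: fail if dirpath itself is a symlink.
    dirfd = os.open(dirpath, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        st = os.fstat(dirfd)  # checks apply to the handle actually opened
        if st.st_uid != uid:
            raise PermissionError(f"{dirpath}: owned by uid {st.st_uid}")
        if stat.S_IMODE(st.st_mode) & 0o022:
            raise PermissionError(f"{dirpath}: writable by group/others")
        # O_CREAT|O_EXCL fails on any existing name, including a symlink,
        # so the link target is never opened or truncated.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dirfd)
    finally:
        os.close(dirfd)
    with os.fdopen(fd, "wb") as f:
        return f.write(data)
```

Opening the file relative to the validated directory handle (`dir_fd`) keeps the ownership check and the file creation bound to the same directory, even if the path is swapped in between.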

Solution Description

Upgrade to version 1.090 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.webmin.com/index6.html
Vendor Specific Advisory URL
Security Tracker: 1011267
Secunia Advisory ID: 12488
Secunia Advisory ID: 12627
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:101
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml
Other Advisory URL: http://www.debian.org/security/2004/dsa-544
ISS X-Force ID: 17299
CVE-2004-0559
Bugtraq ID: 11153