SAINT Corporation (ID: SAINT:0DD77C13F1E23433C6D9111AC11D49D7)
Nov 26, 2012 - 12:00 a.m.

Webmin show.cgi Open Function Call Command Execution

2012-11-26 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.973 High
Percentile: 99.9%

Added: 11/26/2012
CVE: CVE-2012-2982
BID: 55446
OSVDB: 85248

Background

Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp.

Problem

Webmin 1.59 and earlier are vulnerable to remote code execution as a result of improper sanitization of path information passed to **show.cgi** which is later used in an open() function call. An authenticated user could exploit this vulnerability to inject and execute arbitrary shell commands.
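
A generic Perl illustration of the bug class described above, added here as an example: it is not Webmin's code. The function names `show_unsafe` and `show_safe`, the allow-list pattern and the sample paths are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Temp qw(tempdir);

# Unsafe pattern, shown for contrast and never called below. Two-argument
# open() reads the mode out of the string itself: a leading '>' writes, and a
# leading or trailing '|' hands the rest to the shell as a command.
sub show_unsafe {
    my ($base, $path_info) = @_;
    open(my $fh, "$base/$path_info") or return;
    local $/;
    return scalar <$fh>;
}

# Hardened form: allow-list the request path, confine it to the base
# directory, then use three-argument open() so the mode is fixed as read-only.
sub show_safe {
    my ($base, $path_info) = @_;
    return unless $path_info =~ m{\A[\w.-]+(?:/[\w.-]+)*\z};
    my $root = abs_path($base);
    my $real = abs_path("$base/$path_info");    # resolves '..' and symlinks
    return unless defined $root && defined $real;
    return unless index($real, "$root/") == 0;  # must stay under the base
    open(my $fh, '<', $real) or return;
    local $/;                                   # slurp the whole file
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Constructed sample data: a temporary directory holding one file.
my $base = tempdir(CLEANUP => 1);
open(my $out, '>', "$base/notes.txt") or die "setup failed: $!";
print {$out} "hello\n";
close $out;

# Constructed request paths: one ordinary, one traversal, two carrying '|'.
for my $p ('notes.txt', '../outside.txt', 'notes.txt|', '|notes.txt') {
    my $r = show_safe($base, $p);
    printf "%-16s %s\n", $p, defined $r ? 'served' : 'refused';
}
```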

Resolution

Upgrade to Webmin 1.60 or later.

References

<http://www.kb.cert.org/vuls/id/788478>
<http://www.securelist.com/en/advisories/50512>
<http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf>

Limitations

This exploit has been tested against Webmin 1.580 on CentOS 6 with Exec-Shield enabled.

A valid Webmin user’s credentials must be given to the exploit script.

The **netcat** (**nc**) utility must be installed on the target platform.

This vulnerability is found only in specific, non-default configurations.
