Lucene search

K

SAINT CorporationSAINT:C9DE001D5E7786DA5DD043C03D1A3B1C

HistoryNov 26, 2012 - 12:00 a.m.

Webmin show.cgi Open Function Call Command Execution

2012-11-2600:00:00

SAINT Corporation

www.saintcorporation.com

28

0.973 High

EPSS

Percentile

99.9%

Added: 11/26/2012
CVE: CVE-2012-2982
BID: 55446
OSVDB: 85248

Background

Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp.

Problem

Webmin 1.59 and earlier are vulnerable to remote code execution as a result of improper sanitization of path information passed to **show.cgi** which is later used in an open() function call. An authenticated user could exploit this vulnerability to inject and execute arbitrary shell commands.

Resolution

Upgrade to Webmin 1.60 or later.

References

<http://www.kb.cert.org/vuls/id/788478>
<http://www.securelist.com/en/advisories/50512>
<http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf>

Limitations

This exploit has been tested against Webmin 1.580 on CentOS 6 with Exec-Shield enabled.

A valid Webmin user’s credentials must be given to the exploit script.

The **netcat** (**nc**) utility must be installed on the target platform.

This vulnerability is found only in specific, non-default configurations.

0.973 High

EPSS

Percentile

99.9%

Related for SAINT:C9DE001D5E7786DA5DD043C03D1A3B1C

packetstorm1 saint3 checkpoint_advisories1 cve2 prion2 nessus3 cert1 openvas1 securityvulns2