Orange Business Services
Vigil@nce
analyzing computer vulnerabilities since 1999
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability bulletin: CVE-2012-2981, CVE-2012-2982, CVE-2012-2983

Webmin: three vulnerabilities

Synthesis of the vulnerability

An authenticated attacker can exploit three vulnerabilities in Webmin to execute Perl code or to read a file with root privileges.
Impacted products: MBS, MES, Solaris, Webmin.
Severity: 3/4.
Creation date: 07/09/2012.
Identifiers: AISG-12-000, AISG-12-001, AISG-12-002, BID-55446, CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893, MDVSA-2014:062, VIGILANCE-VUL-11923, VU#788478.

Description of the vulnerability

Three vulnerabilities were announced in Webmin.

An authenticated attacker can use the "type" parameter of status/edit_mon.cgi and status/save_mon.cgi to execute Perl code on the server. [severity:3/4; AISG-12-000, CVE-2012-2981]

An authenticated attacker can pass a malicious filename to file/show.cgi to execute a Perl command (VIGILANCE-VUL-11943). [severity:3/4; AISG-12-001, CVE-2012-2982, CVE-2012-4893]

An authenticated attacker can use file/edit_html.cgi to read a file with root privileges. [severity:3/4; AISG-12-002, CVE-2012-2983]

An authenticated attacker can therefore exploit these three Webmin vulnerabilities to execute Perl code or to read a file with root privileges.

Computer vulnerabilities tracking service

Vigil@nce provides application vulnerability bulletins. Each administrator can customize the list of products for which they want to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce computer vulnerability tracking service alerts your teams to vulnerabilities or threats impacting your information system.

Copyright 1999-2014 Vigil@nce. Vigil@nce is a service from Orange Business Services.