vulnerability bulletin CVE-2012-2981 CVE-2012-2982 CVE-2012-2983

Webmin: three vulnerabilities

Synthesis of the vulnerability

An authenticated attacker can use three vulnerabilities of Webmin, in order to execute Perl code, or to read a file with root privileges.
Impacted products: Solaris, Webmin.
Severity: 3/4.
Creation date: 07/09/2012.
Identifiers: AISG-12-000, AISG-12-001, AISG-12-002, BID-55446, CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893, VIGILANCE-VUL-11923, VU#788478.

Description of the vulnerability

Three vulnerabilities were announced in Webmin.

An authenticated attacker can use the "type" parameter of status/edit_mon.cgi and status/save_mon.cgi, in order to execute Perl code on the server. [severity:3/4; AISG-12-000, CVE-2012-2981]

An authenticated attacker can use a malicious filename for file/show.cgi, in order to execute a Perl command (VIGILANCE-VUL-11943). [severity:3/4; AISG-12-001, CVE-2012-2982, CVE-2012-4893]

An authenticated attacker can use file/edit_html.cgi, in order to read a file with root privileges. [severity:3/4; AISG-12-002, CVE-2012-2983]

An authenticated attacker can therefore use three vulnerabilities of Webmin, in order to execute Perl code, or to read a file with root privileges.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

          

Computer vulnerabilities tracking service

Vigil@nce provides applications vulnerabilities bulletins. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.