CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |

EPSS Percentile: 99.9%
Webmin 1.580, and possibly earlier versions, has been reported to contain input validation vulnerabilities.
The advisories from American Information Security Group report the following vulnerabilities.
CWE-20: Improper Input Validation - CVE-2012-2981
"An input validation flaw allows for authenticated users to execute arbitrary Perl statements, commands, or libraries by parsing any file provided."
CWE-77: Improper Neutralization of Special Elements used in a Command - CVE-2012-2982
"An input validation flaw within /file/show.cgi allows for authenticated users to execute arbitrary system commands as a privileged user. Additionally, anyone with a previously established session can be made to execute arbitrary commands on the server by embedding the attack in HTML code - such as IMG SRC tags within HTML emails."
CWE-22: Improper Limitation of a Pathname to a Restricted Directory - CVE-2012-2983
"A directory traversal flaw within edit_html.cgi allows an attacker to view any file as user root."
Full details of each vulnerability are available in the American Information Security Group advisories linked in the References section.
An authenticated attacker may be able to execute arbitrary commands.
We are currently unaware of a practical solution to this problem. The vendor is aware of the vulnerabilities and has patches available in the development branch but an official version including the patches was not available at the time of publication.
Patch for CVE-2012-2981
<https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e>
Patch for CVE-2012-2982
<https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213>
Patch for CVE-2012-2983
<https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80>
Please consider the following workarounds.
Restrict access
As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing Webmin using stolen credentials from a blocked network location.
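Until a fixed release is installed, access logs can also be reviewed for requests matching the two flaws tied to named scripts above (CVE-2012-2982 in /file/show.cgi and CVE-2012-2983 in edit_html.cgi). The Python triage script below is an added example, not part of the original advisory or of Webmin. It assumes Common Log Format lines; the sample log entries, the parameter name `p` and the `PLACEHOLDER` token are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: Common Log Format lines; adapt LINE_RE to your Webmin log.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')
SHELL_META = re.compile(r'[|;`$<>\n\r]')             # '&' handled separately
TRAVERSAL = re.compile(r'(^|[/\\=])\.\.([/\\]|$)')   # a ".." path segment

# Constructed sample lines; PLACEHOLDER and parameter "p" are illustrative only.
SAMPLE_LOG = [
    '10.0.0.5 - admin [06/Sep/2012:10:00:01 +0000] "GET /file/show.cgi/etc/hosts HTTP/1.1" 200 512',
    '203.0.113.9 - admin [06/Sep/2012:10:00:07 +0000] "GET /file/show.cgi/tmp/a.txt%3BPLACEHOLDER HTTP/1.1" 200 0',
    '203.0.113.9 - admin [06/Sep/2012:10:00:09 +0000] "GET /file/edit_html.cgi?p=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 200 2048',
    '10.0.0.5 - admin [06/Sep/2012:10:01:30 +0000] "GET /file/edit_html.cgi?p=/home/admin/index.html HTTP/1.1" 200 900',
    'truncated or non-HTTP line',
]

def full_decode(s, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def triage(line):
    """Return (ip, user, [CVE ids]) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw_path, _, raw_query = m['target'].partition('?')  # split before decoding
    path, query = full_decode(raw_path), full_decode(raw_query)
    reasons = []
    if path.startswith('/file/show.cgi'):
        rest = path[len('/file/show.cgi'):]
        # '&' is a shell metacharacter in the path but a normal separator in the query.
        if SHELL_META.search(rest) or '&' in rest or SHELL_META.search(query):
            reasons.append('CVE-2012-2982')
    if 'edit_html.cgi' in path and (TRAVERSAL.search(path) or TRAVERSAL.search(query)):
        reasons.append('CVE-2012-2983')
    return (m['ip'], m['user'], reasons) if reasons else None

def scan(lines):
    return [hit for hit in map(triage, lines) if hit]

if __name__ == '__main__':
    for ip, user, reasons in scan(SAMPLE_LOG):
        print(f'{ip} user={user} review for {", ".join(reasons)}')
```

A hit marks a request for review rather than confirming exploitation, since legitimate file names can contain these characters.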
788478
Notified: July 10, 2012 Updated: September 05, 2012
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 8.5 | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Temporal | 6.9 | E:POC/RL:TF/RC:C |
Environmental | 5.2 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to the American Information Security Group for reporting this vulnerability.
This document was written by Jared Allar.
CVE IDs: | CVE-2012-2981, CVE-2012-2982, CVE-2012-2983 |
---|---|
Date Public: | 2012-09-06 Date First Published: |
americaninfosec.com/research/index.html
www.americaninfosec.com/research/dossiers/AISG-12-000.pdf
www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
www.americaninfosec.com/research/dossiers/AISG-12-002.pdf
www.webmin.com/
github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213
github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80
github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e