Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.WEBMIN_1_250.NASL
HistoryMar 22, 2018 - 12:00 a.m.

Webmin < 1.250 miniserv.pl Remote Code Execution

2018-03-2200:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
114

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.04 Low

EPSS

Percentile

92.1%

JSON

According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.250. It is, therefore, affected by a remote code execution vulnerability if syslog logging is enabled.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108549);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2005-3912");
  script_bugtraq_id(15629);

  script_name(english:"Webmin < 1.250 miniserv.pl Remote Code Execution");
  script_summary(english:"Checks version of Webmin.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a remote code execution
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Webmin install hosted on
the remote host is prior to 1.250. It is, therefore, affected by 
a remote code execution vulnerability if syslog logging is enabled.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/15629");
  script_set_attribute(attribute:"see_also", value:"http://www.webmin.com/changes.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Webmin 1.250 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/22");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:webmin");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("webmin.nasl");
  script_require_keys("www/webmin", "Settings/ParanoidReport");
  script_require_ports("Services/www", 10000);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

app = 'Webmin';
port = get_http_port(default:10000, embedded: TRUE);

get_kb_item_or_exit('www/'+port+'/webmin');
version = get_kb_item_or_exit('www/webmin/'+port+'/version', exit_code:1);
source = get_kb_item_or_exit('www/webmin/'+port+'/source', exit_code:1);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

dir = "/";
install_url = build_url(port:port, qs:dir);

fix = "1.250";

if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
  report =
    '\n  URL               : ' + install_url +
    '\n  Version Source    : ' + source +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix + '\n';

  security_report_v4(severity:SECURITY_HOLE, port:port, extra:report);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
VendorProductVersionCPE
webminwebmincpe:/a:webmin:webmin

Related

ubuntucve 1
gentoo 1
openvas 6
canvas 1
cve 1
nessus 9
cvelist 1
nvd 1
freebsd 1
seebug 1
debian 2
osv 1
ubuntucve
ubuntucve
CVE-2005-3912
2005-11-30 00:00:00
gentoo
gentoo
Webmin, Usermin: Format string vulnerability
2005-12-07 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200512-02 (webmin usermin)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200512-02 (webmin usermin)
2008-09-24 00:00:00
FreeBSD Ports: perl
2008-09-04 00:00:00
canvas
canvas
Immunity Canvas: WEBMIN
2005-11-30 11:03:00
cve
cve
CVE-2005-3912
2005-11-30 11:03:00
nessus
nessus
Webmin 'miniserv.pl' 'username' Parameter Format String
2005-12-26 00:00:00
GLSA-200512-02 : Webmin, Usermin: Format string vulnerability
2005-12-08 00:00:00
Mandrake Linux Security Advisory : webmin (MDKSA-2005:223)
2006-01-15 00:00:00
cvelist
cvelist
CVE-2005-3912
2005-11-30 11:00:00
nvd
nvd
CVE-2005-3912
2005-11-30 11:03:00
freebsd
freebsd
perl, webmin, usermin -- perl format string integer wrap vulnerability
2005-09-23 00:00:00
seebug
seebug
Perlζ ΌεΌδΈ²ε€„η†ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2006-11-30 00:00:00
debian
debian
[SECURITY] [DSA 1199-1] New webmin packages fix input validation problems
2006-10-24 01:10:44
[SECURITY] [DSA 1199-1] New webmin packages fix input validation problems
2006-10-24 01:10:44
osv
osv
webmin
2006-10-23 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.04 Low

EPSS

Percentile

92.1%

JSON
Related for WEBMIN_1_250.NASL
ubuntucve1gentoo1openvas6canvas1cve1nessus9cvelist1nvd1freebsd1seebug1debian2osv1