Rapid7 Vulnerability & Exploit Database

SuSE: webmin 1.230-2

Back to Search

SuSE: webmin 1.230-2

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
08/24/2004
Created
07/25/2018
Added
11/08/2005
Modified
11/18/2015

Description

If Webmin or Usermin is configured to use full PAM conversations, it is vulnerable to the remote execution of arbitrary code with root privileges.

Keigo Yamazaki discovered that the miniserv.pl webserver, used in both Webmin and Usermin, does not properly validate authentication credentials before sending them to the PAM (Pluggable Authentication Modules) authentication process.

Solution(s)

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;