Title: Webmin Symlink Vulnerability
Severity: MODERATE
Description:
Webmin is a web-based administration interface for Unix systems. Versions of Webmin create temporary files insecurely.
Webmin's tempfiles are named in a way that a malicious user can guess in advance. This allows an attacker to create a symbolic link with the same name as Webmin's tempfile, pointing to another file that is the target of the attack.
When Webmin attempts to write to the predictably named temporary file, the already-created symbolic link will lead the program to overwrite the symlink's target with the privileges of the webserver process.
Properly exploited, this type of attack may lead to local root access for the attacker.
It has been reported that a number of vulnerable Webmin RPMs are still in circulation and many Linux distributions do not appear to have sufficiently patched this issue. For example, insecure temporary file creation is still known to be prevalent in some post-Webmin 0.8.3 RPMs.
Users are advised to upgrade to the most recent version to avoid the aforementioned problems with the creation of insecure temporary files.
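The difference between writing to a predictable temporary name and creating the file exclusively, as an added Python example (not Webmin's own code, which is written in Perl). The file names are constructed for illustration and everything happens inside a throwaway directory.

```python
import os
import tempfile
from pathlib import Path

def write_predictable(path, data):
    # Pattern the advisory describes: plain open() follows an existing symlink.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_unpredictable(directory, data):
    # mkstemp() picks a random name and creates it exclusively, owner-only.
    fd, path = tempfile.mkstemp(prefix="demo-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:  # nothing outside is touched
        target = Path(sandbox, "important.conf")   # constructed stand-in file
        guessable = Path(sandbox, "app.tmp.1234")  # constructed guessable name
        target.write_text("original\n")
        os.symlink(target, guessable)  # a link already occupies the temp name
        try:
            write_exclusive(guessable, "scratch\n")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        out["after_exclusive"] = target.read_text()
        write_predictable(guessable, "scratch\n")
        out["after_predictable"] = target.read_text()
        safe = write_unpredictable(sandbox, "scratch\n")
        out["mkstemp_is_link"] = os.path.islink(safe)
        out["mkstemp_group_other_bits"] = os.stat(safe).st_mode & 0o077
    return out

if __name__ == "__main__":
    print(demo())
```

The exclusive create leaves the linked file untouched and raises an error the caller can log, while the plain open silently replaces its contents.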
Affected Products:
- RedHat Linux 7.0.0
- Webmin Webmin 0.8.3
- Webmin Webmin 0.8.5 Red Hat