J-Security Center

Title: Webmin Environment Variable Information Disclosure Vulnerability

Severity: MODERATE

Description:

Webmin is a web-based interface for Unix system administration. Using any browser that supports tables and forms, you can set up user accounts, Apache, DNS, file sharing and so on.

Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no external modules. This means that you only need a Perl binary to run Webmin.

Versions of Webmin prior to the current release (0.85) fail to properly remove sensitive information from certain environment variables.

One such environment variable (HTTP_AUTHORIZATION) contains Webmin's administrator login ID and password in Base64 (MIME) encoded form. An attacker may trivially read and decode this information, and exploit it (and other data, including host path and configuration information) to further compromise the host, to the extent of potentially obtaining root privileges.
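
The mitigation implied above, as an added example (not Webmin's own code and not part of the original advisory): a CGI launcher builds the child environment from an allowlist, so HTTP_AUTHORIZATION and server-internal variables never reach CGI programs. The function name, the sample request values and the EXAMPLE_INTERNAL_PATH variable are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not Webmin's code): scrub the environment handed to CGI
# programs so credential-bearing variables are never inherited.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# CGI/1.1 meta-variables a CGI program legitimately needs. REMOTE_USER
# carries the authenticated identity without the password.
my %ALLOWED = map { $_ => 1 } qw(
    GATEWAY_INTERFACE SERVER_SOFTWARE SERVER_NAME SERVER_PORT SERVER_PROTOCOL
    REQUEST_METHOD SCRIPT_NAME PATH_INFO QUERY_STRING CONTENT_TYPE
    CONTENT_LENGTH REMOTE_ADDR REMOTE_USER AUTH_TYPE PATH
);

# Request headers that must never be forwarded as HTTP_* variables.
my %DENIED = map { $_ => 1 } qw(HTTP_AUTHORIZATION HTTP_PROXY_AUTHORIZATION);

# Return a scrubbed copy of the environment for the CGI child process.
sub cgi_child_env {
    my (%env) = @_;
    my %clean;
    for my $name (keys %env) {
        next if $DENIED{$name};
        # Other HTTP_* headers pass through; the rest must be allowlisted.
        next unless $ALLOWED{$name} || $name =~ /^HTTP_[A-Z0-9_]+$/;
        $clean{$name} = $env{$name};
    }
    return %clean;
}

# Constructed sample request environment (the credentials are made up).
my %request_env = (
    REQUEST_METHOD        => 'GET',
    SCRIPT_NAME           => '/example.cgi',
    REMOTE_USER           => 'admin',
    HTTP_USER_AGENT       => 'ExampleBrowser/1.0',
    HTTP_AUTHORIZATION    => 'Basic ' . encode_base64('admin:example-pass', ''),
    EXAMPLE_INTERNAL_PATH => '/placeholder/config/dir',  # hypothetical variable
);

# Why the variable is sensitive: Base64 is an encoding, not encryption.
my (undef, $blob) = split ' ', $request_env{HTTP_AUTHORIZATION}, 2;
printf "recoverable if forwarded: %s\n", decode_base64($blob);

my %child = cgi_child_env(%request_env);
printf "%-18s %s\n", $_, $child{$_} for sort keys %child;
die "credential leaked to child\n" if exists $child{HTTP_AUTHORIZATION};
```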

Affected Products:

  • Webmin Webmin 0.5.0x
  • Webmin Webmin 0.6.0
  • Webmin Webmin 0.7.0
  • Webmin Webmin 0.8.3
  • Webmin Webmin 0.8.4
  • Webmin Webmin 0.80.0
  • Webmin Webmin 0.85.0
