Archive for January, 2015

Webmin – Read Mail Module Hardlink Arbitrary File Access (R911-0172)

Tuesday, January 27th, 2015

Type: Hardlink Arbitrary File Access
Location: Local
Impact: High
Product: Webmin
Website: http://www.webmin.com/
Vulnerable Version: 1.720
Fixed Version: 1.730
CVE: CVE-2015-1377
R911: 0172
Date: 2015-01-27
By: RACK911

Product Description:

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can set up user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely.

Vulnerability Description:

It is possible for a malicious user to view any file on the server, including root-owned files, by creating a hardlink under the user-accessible mail directory, which will then be rendered within Webmin.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that sensitive information can be obtained.

Vulnerable Version:

This vulnerability was tested against Webmin 1.720.

Fixed Version:

This vulnerability was patched in Webmin 1.730.

Vendor Contact Timeline:

2014-12-09: Vendor contacted via email.
2014-12-09: Vendor confirms vulnerability.
2015-01-01: Vendor issues 1.730 update.
2015-01-27: RACK911 issues security advisory.

Usermin – Read Mail Module Hardlink Arbitrary File Access (R911-0171)

Tuesday, January 27th, 2015

Type: Hardlink Arbitrary File Access
Location: Local
Impact: High
Product: Usermin
Website: http://www.webmin.com/usermin.html
Vulnerable Version: 1.630
Fixed Version: 1.640
CVE: CVE-2015-1377
R911: 0171
Date: 2015-01-27
By: RACK911

Product Description:

Usermin is a web-based interface for webmail, password changing, mail filters, fetchmail and much more. It is designed for use by regular non-root users on a Unix system, and limits them to tasks that they would be able to perform if logged in via SSH or at the console.

Vulnerability Description:

It is possible for a malicious user to view any file on the server, including root-owned files, by creating a hardlink under the user-accessible mail directory, which will then be rendered within Usermin.
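
An added example, not part of the RACK911 advisories and not the actual Webmin or Usermin patch: one way a privileged reader can refuse the hardlinked files described in both Vulnerability Description sections, by checking file type, owner and link count on the opened descriptor. The names open_mail_file, UnsafeMailFile and demo are hypothetical, and the files created in demo() are constructed samples.

```python
import os
import stat
import tempfile


class UnsafeMailFile(Exception):
    """The file failed a type, ownership or link-count check."""


def open_mail_file(path, expected_uid):
    """Open path read-only on behalf of expected_uid, refusing hardlinked files."""
    # O_NOFOLLOW rejects a symlink as the final path component; O_NONBLOCK
    # keeps the open from hanging if the path is a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        # fstat the descriptor, not the path, so the checks apply to the
        # object that will actually be read (no check-then-open race).
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeMailFile("not a regular file")
        if st.st_uid != expected_uid:
            raise UnsafeMailFile("owner uid %d, expected %d" % (st.st_uid, expected_uid))
        if st.st_nlink != 1:
            raise UnsafeMailFile("file has %d hard links" % st.st_nlink)
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "rb")


def demo():
    """Constructed sample: a plain mailbox, a hardlinked name, and an owner mismatch."""
    uid, results = os.getuid(), {}
    with tempfile.TemporaryDirectory() as d:
        inbox, other, linked = (os.path.join(d, n) for n in ("inbox", "other", "linked"))
        for p in (inbox, other):
            with open(p, "wb") as f:
                f.write(b"From: sample\n")
        os.link(other, linked)  # 'linked' and 'other' now share one inode
        cases = (("inbox", inbox, uid), ("linked", linked, uid), ("wrong_owner", inbox, uid + 1))
        for name, path, owner in cases:
            try:
                with open_mail_file(path, owner) as f:
                    results[name] = f.read()
            except UnsafeMailFile as e:
                results[name] = str(e)
    return results


if __name__ == "__main__":
    print(demo())
```

On Linux, setting the fs.protected_hardlinks sysctl to 1 additionally prevents unprivileged users from hardlinking files they neither own nor can read and write.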

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that sensitive information can be obtained.

Vulnerable Version:

This vulnerability was tested against Usermin 1.630.

Fixed Version:

This vulnerability was patched in Usermin 1.640.

Vendor Contact Timeline:

2014-12-09: Vendor contacted via email.
2014-12-09: Vendor confirms vulnerability.
2015-01-01: Vendor issues 1.640 update.
2015-01-27: RACK911 issues security advisory.