Webmin – Statistics Hardlink Arbitrary File Access (R911-0135)

Type: Hardlink Arbitrary File Access
Location: Local
Impact: High
Product: Webmin
Website: http://www.webmin.com/
Vulnerable Version: 1.670
Fixed Version: 1.680
CVE: -
R911: 0135
Date: 2014-03-13
By: Rack911

Product Description:

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely.

Vulnerability Description:

It is possible for a malicious user to view any file on the server, including root owned files, by using a hardlink pointing to the Webalizer and AwStats statistics files and then accessing the features within Webmin.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that sensitive information can be obtained.

Vulnerable Version:

This vulnerability was tested against Webmin 1.670.

Fixed Version:

This vulnerability was patched in Webmin 1.680.

Vendor Contact Timeline:

2014-03-10: Vendor contacted via email.
2014-03-11: Vendor confirms vulnerability.
2014-03-13: Vendor issues 1.680 update.
2014-03-13: Rack911 issues security advisory.