Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerabil

from [snsadv] Network Security [Permanent Link]
Subject: [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability
Date: Wed, 21 Sep 2005 16:14:45 +0900 
------------------------------------------------------------------
SNS Advisory No.83
Webmin/Usermin PAM Authentication Bypass Vulnerability

Problem first discovered on: Sun, 04 Sep 2005
Published on: Tue, 20 Sep 2005
------------------------------------------------------------------

Severity Level:
---------------
  High


Overview:
---------
  A vulnerability that could result in a session ID spoofing exists in 
  miniserv.pl, which is a webserver program that gets both Webmin and 
  Usermin to run.


Problem Description:
--------------------
  Webmin is a web-based system administration tool for Unix. Usermin
  is a web interface that allows all users on a Unix system to easily
  receive mails and to perform SSH and mail forwarding configuration.

  Miniserv.pl is a webserver program that  both Webmin and Usermin
  to run. Miniserv.pl carries out named pipe communication between the 
  parent and the child process during the creation and Confirmation of 
  effectiveness of a session ID (session used for access control via 
  the Web).

  Miniserv.pl does not check whether metacharacters, such as line feed 
  or carriage return, are included with user supplied strings during the 
  PAM(Pluggable Authentication Modules) authentication process.

  Exploitation therefore, could make it possible for attackers to bypass
  authentication and execute arbitrary command as root.


Tested Versions:
----------------
  Webmin Version  : 1.220 
  Usermin Version : 1.150


Solution:
---------
  This problem can be eliminated by upgrading to Webmin version 1.230 and
  to Usermin version 1.160, which are available at:

  http://www.webmin.com/ 


Discovered by:
--------------
  Keigo Yamazaki (LAC)


Thanks to:
----------
  This SNS Advisory is being published in coordination with 
Information-technology 
  Promotion Agency, Japan (IPA) and JPCERT/CC. 

  http://jvn.jp/jp/JVN%2340940493/index.html
  http://www.ipa.go.jp/security/vuln/documents/2005/JVN_40940493_webmin.html


Disclaimer:
-----------
  The information contained in this advisory may be revised without prior
  notice and is provided as it is. Users shall take their own risk when
  taking any actions following reading this advisory. LAC Co., Ltd.
  shall take no responsibility for any problems, loss or damage caused
  by, or by the use of information provided here.

  This advisory can be found at the following URL:
  http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability, snsadv <=
Previous by Date:  [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.7, bugtraq
Next by Date:  PocketPC exploitation, Jose Morales
Previous by Thread:  [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.7, bugtraq
Next by Thread:  PocketPC exploitation, Jose Morales
Indexes:  [Date] [Thread] [Top] [All Lists]