[Webmin-maintainers] Re: Webmin Remote Root Vulnerability

Jamie Cameron jcameron at webmin.com
Mon Apr 17 16:29:20 UTC 2006


On 17/Apr/2006 05:13 Patrick Winnertz wrote ..
> Jaldhar H. Vyas wrote:
> > On Thu, 9 Mar 2006, Moritz Muehlenhoff wrote:
> > 
> >> It is my understanding that this webmin vulnerability was caused by
> >> the generic format string flaw in perl. As we fixed perl in DSA-943 this
> >> should be resolved. Can you confirm, Jaldhar?
> >>
> > 
> > Yes I believe so.  The big problem with the webmin packages is that I
> > asked for them to be removed from the archive right around when that
> > problem came up.  (I wasn't properly maintaining them for a long time
> > before, that's why I orphaned them.) So there hasn't been any
> > responsible person chasing things like this down.
> 
> Jamie, do you know if this bug is fixed in the newest webmin (or in the
> webmin which is in the svn (1.150))?
> 
> Do you know the original email? If not I can forward it to you.

Hi Patrick,
This problem was fixed in the 1.260 version of Webmin, so anyone running
1.150 would be vulnerable and should upgrade (assuming they have logging
via syslog enabled).

 - Jamie


