Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1074

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2001-1074
Last Modified 05 Sep 2008 04:25:37
Published 28 May 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1074

Summary

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Vulnerable Systems

Application

  • Webmin 0.5

  • Webmin 0.6

  • Webmin 0.7

  • Webmin 0.80

  • Webmin 0.83

  • Webmin 0.84


References

XF - webmin-gain-information(6627)

BID - 2795

MANDRAKE - MDKSA-2001:059

CALDERA - CSSA-2001-019.1

BUGTRAQ - 20010526 Webmin Doesn't Clean Env (root exploit)


Last Updated: 27 May 2016 10:36:30