Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1672

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2002-1672
Last Modified 05 Sep 2008 04:31:13
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1672

Summary

Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.

Vulnerable Systems

Application

  • Webmin 0.92

  • Webmin 0.92.1


References

XF - webmin-directory-permissions(8595)

BID - 4328

CONFIRM - http://www.webmin.com/changes.html


Last Updated: 27 May 2016 10:37:26