Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2012-2982
Last Modified: 29 May 2013 11:16:15
Published: 11 Sep 2012 02:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-2982

Summary

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

Vulnerable Systems

Application

  • Gentoo Webmin 1.140

  • Gentoo Webmin 1.150

  • Gentoo Webmin 1.160

  • Gentoo Webmin 1.170

  • Gentoo Webmin 1.180

  • Gentoo Webmin 1.200

  • Gentoo Webmin 1.210

  • Gentoo Webmin 1.220

  • Gentoo Webmin 1.230

  • Gentoo Webmin 1.240

  • Gentoo Webmin 1.260

  • Gentoo Webmin 1.270

  • Gentoo Webmin 1.280

  • Gentoo Webmin 1.290

  • Gentoo Webmin 1.300

  • Gentoo Webmin 1.310

  • Gentoo Webmin 1.320

  • Gentoo Webmin 1.330

  • Gentoo Webmin 1.340

  • Gentoo Webmin 1.370

  • Gentoo Webmin 1.380

  • Gentoo Webmin 1.390

  • Gentoo Webmin 1.400

  • Gentoo Webmin 1.410

  • Gentoo Webmin 1.420

  • Gentoo Webmin 1.430

  • Gentoo Webmin 1.440

  • Gentoo Webmin 1.450

  • Gentoo Webmin 1.470

  • Gentoo Webmin 1.480

  • Gentoo Webmin 1.500

  • Gentoo Webmin 1.510

  • Gentoo Webmin 1.520

  • Gentoo Webmin 1.530

  • Gentoo Webmin 1.550

  • Gentoo Webmin 1.560

  • Gentoo Webmin 1.570

  • Gentoo Webmin 1.580

  • Gentoo Webmin 1.590


References

CERT-VN - VU#788478

CONFIRM - https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213

MISC - http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf

MISC - http://americaninfosec.com/research/index.html

SECTRACK - 1027507

CONFIRM - http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Related Patches

SUN145006-04 Solaris 10 SPARC: Webmin patch (Rev 2)

SUN145007-04 Solaris 10 x86: Webmin patch (Rev 2)


Last Updated: 27 May 2016 11:00:40