MGASA-2022-0216 - Updated webmin packages fix security vulnerability
Publication date: 03 Jun 2022
URL: https://advisories.mageia.org/MGASA-2022-0216.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-30708

Less privileged Webmin users (excluding those created by Virtualmin and Cloudmin) can modify arbitrary files with root privileges, and so run commands as root (CVE-2022-30708).

References:
- https://bugs.mageia.org/show_bug.cgi?id=30465
- https://webmin.com/security/
- https://webmin.com/tags/webmin-changelog/
- https://www.cve.org/CVERecord?id=CVE-2022-30708

SRPMS:
- 8/core/webmin-1.994-1.mga8

Severity: Important
MGASA-2021-0344 - Updated webmin package fixes security vulnerability
Publication date: 12 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0344.html
Type: security
Affected Mageia releases: 7, 8

The webmin package has been updated to version 1.979, which has fixes for handling un-trusted inputs in the Network Configuration module. Also, the openvpn module has been updated to version 3.2.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29137
- https://webmin.com/tags/webmin-changelog/
- ;catid=7

SRPMS:
- 7/core/webmin-1.979-1.1.mga7
- 8/core/webmin-1.979-1.1.mga8
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-6cc5654c0e
2020-12-21 01:31:12.651546
--------------------------------------------------------------------------------
Name        : phpldapadmin
Product     : Fedora 33
Version     : 1.2.6.2
Release     : 1.fc33
URL         : https://sourceforge.net/projects/phpldapadmin/
Summary     : Web-based tool for managing LDAP servers
Description :
PhpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server. Its hierarchical tree-viewer and advanced search functionality make it intuitive to browse and administer your LDAP directory. Since it is a web application, this LDAP browser works on many platforms, making your LDAP server easily manageable from any location.

PhpLDAPadmin is the perfect LDAP browser for the LDAP professional and novice alike. Its user base consists mostly of LDAP administration professionals.

Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server location and other things.
Edit /etc/httpd/conf.d/phpldapadmin.conf to allow access by remote web-clients.
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.6.2 (#1906752)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 11 2020 Dmitry Butskoy - 1.2.6.2-1
- Update to 1.2.6.2 (#1906752)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1906752 - CVE-2020-35132 phpldapadmin: allows users to store malicious values which could result in XSS via get_request in lib/function.php
        https://bugzilla.redhat.com/show_bug.cgi?id=1906752
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-6cc5654c0e' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
MGASA-2020-0400 - Updated webmin package fixes security vulnerabilities
Publication date: 08 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0400.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-8820, CVE-2020-8821, CVE-2020-12670

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. (CVE-2020-8820)

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users. (CVE-2020-8821)

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email. (CVE-2020-12670)

References:
- https://bugs.mageia.org/show_bug.cgi?id=27459
- https://webmin.com/security/
- https://webmin.com/tags/webmin-changelog/
- https://www.cve.org/CVERecord?id=CVE-2020-8820
- https://www.cve.org/CVERecord?id=CVE-2020-8821
- https://www.cve.org/CVERecord?id=CVE-2020-12670

SRPMS:
- 7/core/webmin-1.960-1.mga7
MGASA-2019-0237 - Updated webmin packages fix security vulnerability
Publication date: 31 Aug 2019
URL: https://advisories.mageia.org/MGASA-2019-0237.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-15107

Updated webmin package fixes security vulnerability:

Webmin before 1.930 allows remote exploits if the option to change expired passwords is enabled (CVE-2019-15107).

Note that it is only vulnerable if changing of expired passwords is enabled, which is not the case by default.

References:
- https://bugs.mageia.org/show_bug.cgi?id=25331
- https://webmin.com/security/
- https://webmin.com/tags/webmin-changelog/
- https://www.cve.org/CVERecord?id=CVE-2019-15107

SRPMS:
- 7/core/webmin-1.930-1.mga7
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory                GLSA 200707-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Webmin, Usermin: Cross-site scripting vulnerabilities
      Date: July 05, 2007
      Bugs: #181385
        ID: 200707-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Webmin and Usermin are vulnerable to cross-site scripting vulnerabilities (XSS).

Background
==========

Webmin is a web-based administrative interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-admin/webmin          < 1.350                        >= 1.350
  2  app-admin/usermin         < 1.280                        >= 1.280
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The pam_login.cgi file does not properly sanitize user input before sending it back as output to the user.

Impact
======

An unauthenticated attacker could entice a user to browse a specially crafted URL, allowing for the execution of script code in the context of the user's browser and for the theft of browser credentials. This may permit the attacker to login to Webmin or Usermin with the user's permissions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Webmin users should update to the latest stable version:

    # emerge --sync
    # emerge --ask --verbose --oneshot ">=app-admin/webmin-1.350"

All Usermin users should update to the latest stable version:

    # emerge --sync
    # emerge --ask --verbose --oneshot ">=app-admin/usermin-1.280"

References
==========

  [ 1 ] CVE-2007-3156
        https://www.cve.org/CVERecord?id=CVE-2007-3156

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200707-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1199-1
- ------------------------------------------------------------------------

Updated package.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory                GLSA 200512-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Webmin, Usermin: Format string vulnerability
      Date: December 07, 2005
      Bugs: #113888
        ID: 200512-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Webmin and Usermin are vulnerable to a format string vulnerability which may lead to the execution of arbitrary code.

Background
==========

Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-admin/webmin          < 1.250                        >= 1.250
  2  app-admin/usermin         < 1.180                        >= 1.180
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Jack Louis discovered that the Webmin and Usermin "miniserv.pl" web server component is vulnerable to a Perl format string vulnerability. Login with the supplied username is logged via the Perl "syslog" facility in an unsafe manner.

Impact
======

A remote attacker can trigger this vulnerability via a specially crafted username containing format string data. This can be exploited to consume a large amount of CPU and memory resources on a vulnerable system, and possibly to execute arbitrary code of the attacker's choice with the permissions of the user running Webmin.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Webmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/webmin-1.250"

All Usermin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/usermin-1.180"

References
==========

  [ 1 ] CVE-2005-3912
  [ 2 ] Dyad Security Advisory

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200512-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to