Gentoo Advisory: Usermin Malicious Code Threat Via Email Exploit

A bug in Usermin, a widely used administration console for Unix and Linux, could allow a hacker to run malicious code through a specially crafted email, reported security researchers. . . . A bug in Usermin, a widely used administration console for Unix and Linux, could allow a hacker to run malicious code through a specially crafted email, reported security researchers.

According to an advisory released by Gentoo, a bug in the installation script of Webmin and Usermin could also enable local users to execute a symlink attack at installation time.

Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to configure servers and other features, while Usermin allows users to configure their own accounts, execute commands, and read e-mail. The Usermin functionality, including webmail, is also included in Webmin.

The link for this article located at CXOtoday Staff is no longer available.