Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Webmin contains input validation vulnerabilities
Information
Name: VU#788478
First vendor publication: 2012-09-06
Vendor: VU-CERT
Last vendor modification: 2012-09-06
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS base score: 6.8
CVSS impact score: 6.4
CVSS exploit score: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None required

Detail

Vulnerability Note VU#788478

Webmin contains input validation vulnerabilities

Original Release date: 06 Sep 2012 | Last revised: 06 Sep 2012

Overview

Webmin 1.580, and possibly earlier versions, has been reported to contain input validation vulnerabilities.

Description

The advisories from American Information Security Group report the following vulnerabilities.

CWE-20: Improper Input Validation - CVE-2012-2981

    "An input validation flaw allows for authenticated users to execute arbitrary Perl statements, commands, or libraries by parsing any file provided."

CWE-77: Improper Neutralization of Special Elements used in a Command - CVE-2012-2982
    "An input validation flaw within /file/show.cgi allows for authenticated users to execute arbitrary system commands as a privileged user. Additionally, anyone with a previously established session can be made to execute arbitrary commands on the server by embedding the attack in HTML code–such as IMG SRC tags within HTML emails."

CWE-22: Improper Limitation of a Pathname to a Restricted Directory - CVE-2012-2983
    "A directory traversal flaw within edit_html.cgi allows an attacker to view any file as user root."

Full details of each vulnerability are available in the American Information Security Group advisories linked in the References section.

Impact

An authenticated attacker may be able to execute arbitrary commands.

Solution

We are currently unaware of a practical solution to this problem. The vendor is aware of the vulnerabilities and has patches available in the development branch, but an official version including the patches was not available at the time of publication.

Patch for CVE-2012-2981
https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e

Patch for CVE-2012-2982
https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213

Patch for CVE-2012-2983
https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80

Please consider the following workarounds.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing Webmin using stolen credentials from a blocked network location.
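One way to check that this workaround is actually in place, as an added example that is not part of the advisory or of Webmin's own code. It assumes the access list is the `allow=` line of `/etc/webmin/miniserv.conf`; the function names, the size threshold and the sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed sample of a miniserv.conf (not taken from a real host).
SAMPLE_CONF = """\
port=10000
ssl=1
allow=127.0.0.1 10.20.0.0/24 0.0.0.0/0
"""

def parse_conf(text):
    """Return key -> value for the key=value lines of a miniserv.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def audit_access(text, max_hosts=65536):
    """List findings about the allow= line; an empty list means no finding."""
    entries = parse_conf(text).get("allow", "").split()
    if not entries:
        return ["no allow= list: access is not limited to trusted networks"]
    findings = []
    for entry in entries:
        try:
            # strict=False accepts host addresses and a.b.c.d/netmask forms.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Hostnames and other non-IP entries are left for manual review.
            findings.append(f"{entry}: not an IP network, review manually")
            continue
        if "/" not in entry and entry.endswith(".0"):
            findings.append(f"{entry}: bare network address, review manually")
        elif net.num_addresses > max_hosts:
            findings.append(f"{entry}: covers {net.num_addresses} addresses, too broad")
    return findings

if __name__ == "__main__":
    for finding in audit_access(SAMPLE_CONF):
        print(finding)
```
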

Vendor Information

Vendor    Status     Date Notified   Date Updated
Webmin    Affected   10 Jul 2012     05 Sep 2012

CVSS Metrics

Group           Score   Vector
Base            9.0     AV:N/AC:L/Au:S/C:C/I:C/A:C
Temporal        7.7     E:POC/RL:W/RC:C
Environmental   7.7     CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • http://www.webmin.com/
  • https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e
  • https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213
  • https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80
  • http://americaninfosec.com/research/index.html
  • http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf
  • http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
  • http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf

Credit

Thanks to the American Information Security Group for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2012-2981, CVE-2012-2982, CVE-2012-2983
  • Date Public: 06 Sep 2012
  • Date First Published: 06 Sep 2012
  • Date Last Updated: 06 Sep 2012
  • Document Revision: 20

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.


This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

URL: http://www.kb.cert.org/vuls/id/788478

CWE : Common Weakness Enumeration

%      Id        Name
33 %   CWE-352   Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
33 %   CWE-287   Improper Authentication
33 %   CWE-20    Improper Input Validation

CPE : Common Platform Enumeration

Type          Description   Count
Application                 40

SAINT Exploits

Description
Webmin show.cgi Open Function Call Command Execution

Snort® IPS/IDS

Date Description
2019-10-17 Webmin show.cgi arbitrary command injection attempt
RuleID : 51538 - Revision : 1 - Type : SERVER-WEBAPP
2014-01-10 Webmin show.cgi arbitrary command injection attempt
RuleID : 24628 - Revision : 6 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2014-03-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-062.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-01-19 21:31:04
  • Multiple Updates