Webmin – Read Mail Module Hardlink Arbitrary File Access Vulnerability

January 27, 2015 - by RACK911 Labs

Product Description:

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely.

Vulnerability Discussion:

It is possible for a malicious user to view any file on the server, including root owned files, by creating a hardlink under the user accessible mail directory which will then be rendered within Webmin.

Vendor Contact Timeline:

2014-12-09: Vendor contacted via email.
2014-12-09: Vendor confirms vulnerability.
2015-01-01: Vendor issues 1.730 update.
2015-01-27: RACK911 Labs issues security advisory.

About Us:

https://www.RACK911Labs.com

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119

1-855-RACK911