In association with heise online

26 September 2007, 12:01

Webmin allows execution of arbitrary commands

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Webmin open source remote administration application allows administrators with restricted privileges to execute arbitrary commands. By passing special parameters in URLs, administrators can cause command execution, thereby escalating their privileges. The developers have not disclosed the nature of the required parameters, but have stated that only the Windows version is affected. Webmin 1.370, in which the vulnerability is fixed, has been released for download. Users of Windows versions of Webmin should install the new package as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit