Full Disclosure mailing list archives
Re: Webmin miniserv.pl format string vulnerability
From: Bernhard Mueller <research () sec-consult com>
Date: Tue, 29 Nov 2005 19:26:39 +0100
As it says on http://www.dyadsecurity.com/s_advisory.html:

PUBLISHED ADVISORIES.
Webmin
Date Found: September 23, 2005.
Public Release: November 29, 2005.
Application: webmin miniserv.pl, all known versions
Details: Webmin 0001 Advisory

UPCOMING ADVISORIES.
Perl
Description: Cross platform programming language.
Affected: To be announced.
Release Date: To be announced.

I guess we can expect some kind of "code execution thru perl sprintf" advisory.

advisory () dyadsecurity com wrote:
SUMMARY. The webmin `miniserv.pl' web server component is vulnerable to a new class of exploitable (remote code) perl format string vulnerabilities. During the login process it is possible to trigger this (...) A generic remote code execution exploit method has been developed by a third party that is reachable through this hole itself.