Full Disclosure mailing list archives
Re: [webmin-devel] XSS in Webmin 1.540 + exploit for privilege escalation
From: Henri Salo <henri () nerv fi>
Date: Sat, 21 May 2011 13:25:07 +0300
On Sat, Apr 23, 2011 at 06:11:12PM -0700, Jamie Cameron wrote:
Hi Javier, Thanks for reporting this - I hadn't considered this attack vector, as I didn't realize that chfn could be used to modify a user's real name. I have created a fix which you can see at : https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881 Also an update for the Users and Groups module can be found at http://www.webmin.com/updates.html , and will be available from within the Webmin UI. - Jamie
In what Webmin-release this will be fixed? Do you have CVE-identifier for this yet? Best regards, Henri Salo _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [webmin-devel] XSS in Webmin 1.540 + exploit for privilege escalation Henri Salo (May 21)
- Re: [webmin-devel] XSS in Webmin 1.540 + exploit for privilege escalation Javier Bassi (May 21)