Date: Mon, 19 Jan 2015 14:15:42 -0400
From: Patrick William <pat@...k911labs.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Webmin & Usermin - Read Mail Module Vulnerability

Hi,

I need to request 2 CVE's; one for Usermin and one for Webmin. Both of them are vulnerable to a hardlink arbitrary file access within the Read Mail Module. The end result is the ability to open any file on the server, including root owned files, which could lead to a privilege escalation.

Reference: http://www.webmin.com/index.html

"January 1: Webmin 1.730 and Usermin 1.640 released - This update includes security fixes to produce against malicious links in the Read Mail module..."

Thanks!
Patrick