Webmin 用户请求处理 远程目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1194338 漏洞类型 路径遍历
发布时间 2006-06-23 更新时间 2007-02-20
CVE编号 CVE-2006-3274 CNNVD-ID CNNVD-200606-570
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/18613
https://cxsecurity.com/issue/WLB-2006060165
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-570
|漏洞详情
Webmin是澳大利亚软件开发者JamieCameron和Webmin社区共同开发的一套基于Web的用于类Unix操作系统中的系统管理工具。Webmin对用户请求的处理上存在目录遍历漏洞,远程攻击者可能利用此漏洞遍历服务器目录非授权访问文件。Webmin没有正确的过滤反斜线("\")。在Windows平台上。攻击者访问公共目录和文件以外的内容。在Webmin的默认配置中,远程攻击者可以利用目录遍历攻击下载任意文件。
|漏洞EXP
----------------------------------------------------------------------
SNS Advisory No.88
Webmin Directory Traversal Vulnerability

Problem first discovered on: Sun, 04 Jun 2006
Published on: Fri, 23 Jun 2006
----------------------------------------------------------------------

Severity Level:
---------------
  Medium

Overview:
---------
  Webmin for Windows contains directory traversal vulnerability that
  allows remote attackers to download arbitrary files without authentication.

Problem Description:
--------------------
  Webmin is a web-based system administration tool for Unix, MacOS X and
  Windows platform.

Webmin 1.270 and earlier versions does not properly handle "" (backslash).
  On Windows platform, this allows attackers to access outside of the public 
  directory and files.

In default configurations of Webmin, it is required authentication to
  access almost directories under top page. But there are some directories
  where is not required authentication to access. For example, the directory 
  which stores the image used before login.

Therefore, by exploiting directory traversal vulnerability from these 
  directories, the vulnerability allows remote attackers to download the 
  contents of arbitrary files without authentication.

Affected Versions:
------------------
  Webmin (on Windows) Version 1.270 and earlier versions

Solution:
---------
  This problem can be addressed by upgrading Webmin to 1.280 or later.

http://www.webmin.com/

Discovered by:
--------------
  Keigo Yamazaki (LAC)

Thanks to:
----------
This SNS Advisory is being published in coordination with Information-technology 
Promotion Agency, Japan (IPA) and JPCERT/CC.

http://jvn.jp/jp/JVN%2367974490/index.html
  http://www.ipa.go.jp/security/vuln/documents/2006/JVN_67974490_webmin.ht
ml

Disclaimer:
-----------
  The information contained in this advisory may be revised without prior
  notice and is provided as it is. Users shall take their own risk when
  taking any actions following reading this advisory. LAC Co., Ltd.
  shall take no responsibility for any problems, loss or damage caused
  by, or by the use of information provided here.

This advisory can be found at the following URL:
  http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html
----------------------------------------------------------------------
|受影响的产品
Webmin Webmin 1.270 Webmin Webmin 1.260 Webmin Webmin 1.250 Webmin Webmin 1.240 Webmin Webmin 1.230 Webmin Webmin 1.220 Webmin Webmin 1.210
|参考资料

来源:www.webmin.com
链接:http://www.webmin.com/changes.html
来源:BID
名称:18613
链接:http://www.securityfocus.com/bid/18613
来源:BUGTRAQ
名称:20060623[SNSAdvisoryNo.88]WebminDirectoryTraversalVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/438149/100/0/threaded
来源:MISC
链接:http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html
来源:VUPEN
名称:ADV-2006-2493
链接:http://www.frsirt.com/english/advisories/2006/2493
来源:SECTRACK
名称:1016375
链接:http://securitytracker.com/id?1016375
来源:SECUNIA
名称:20777
链接:http://secunia.com/advisories/20777
来源:JVN
名称:JVN#67974490
链接:http://jvn.jp/jp/JVN%2367974490/index.html
来源:XF
名称:webmin-backslash-directory-traversal(27366)
链接:http://xforce.iss.net/xforce/xfdb/27366
来源:SREASON
名称:1161
链接:http://securityreason.com/securityalert/1161