18th Dec 2001 [SBWID-4930]
COMMAND
webmin local file writing
SYSTEMS AFFECTED
webmin 0.91
PROBLEM
A. Ramos found that it is possible to write arbitrary files on the
server.
With this software, a simple (ordinary) user can start and stop services
and edit init scripts, like this:
http://www.domain.com:10000/servers/link.cgi/1008341480/init/edit_action.cgi?0+makedev
but you can use this:
http://www.domain.com:10000/servers/link.cgi/1008341480/init/edit_action.cgi?0+../../../../../etc/shadow
The problem resides in init/edit_action.cgi:
<snip>
open(FILE, $file);
while(<FILE>) {
    $data .= $_;
    if (/^\s*(['"]?)([a-z]+)\1\)/i) {
        $hasarg{$2}++;
    }
}
close(FILE);
</snip>
SOLUTION
If you have the ability to edit init scripts, you won't crash your system.
Will you?
Workaround
==========
just patch the regexp...
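
One way to confine the requested action name to the init directory before it reaches open(), shown as an added example: this is not Webmin code and not the vendor's fix. The function name safe_action_path and the temporary directory standing in for the init directory are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not Webmin code): confine a request-supplied init action
# name to the init directory before opening it.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: return the canonical path of $name inside $init_dir,
# or nothing if the name is malformed or resolves outside $init_dir.
sub safe_action_path {
    my ($init_dir, $name) = @_;
    return unless defined $name;
    # Allow-list: one path component, no slashes, no leading dot.
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.+-]*\z/;
    my $base = realpath($init_dir);
    return unless defined $base;
    my $full = realpath(File::Spec->catfile($base, $name));
    # realpath follows symlinks, so a link pointing elsewhere is caught here.
    return unless defined $full && index($full, "$base/") == 0;
    return $full;
}

# Constructed demo data: a temporary directory stands in for the init directory.
my $init_dir = tempdir(CLEANUP => 1);
open(my $fh, '>', "$init_dir/makedev") or die "create: $!";
print $fh "#!/bin/sh\n";
close($fh);
symlink('/etc/passwd', "$init_dir/link");   # symlink escaping the directory

# The first name is the legitimate one from the advisory, the second is the
# traversal string from the advisory, the last two are constructed edge cases.
for my $name ('makedev', '../../../../../etc/shadow', 'link', '') {
    my $path = safe_action_path($init_dir, $name);
    printf "%-30s %s\n", "'$name'",
        defined $path ? "allowed: $path" : "rejected";
}
```

Only 'makedev' is allowed; the traversal string fails the allow-list, and the symlink fails the containment check after canonicalisation.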