CVE-2012-2982

Severity

65%

Complexity

80%

Confidentiality

106%

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

First reported 12 years ago

2012-09-11 18:55:00

Last updated 12 years ago

2013-05-30 03:16:00

Affected Software

Gentoo webmin 1.140.ebuild

1.140

Gentoo webmin 1.150.ebuild

1.150

Gentoo webmin 1.160.ebuild

1.160

Gentoo webmin 1.170

1.170

Gentoo webmin 1.180

1.180

Gentoo webmin 1.200

1.200

Gentoo webmin 1.210

1.210

Gentoo webmin 1.220

1.220

Gentoo webmin 1.230

1.230

Gentoo webmin 1.240

1.240

Gentoo webmin 1.260

1.260

Gentoo webmin 1.270

1.270

Gentoo webmin 1.280

1.280

Gentoo webmin 1.290

1.290

Gentoo webmin 1.300

1.300

Gentoo webmin 1.310

1.310

Gentoo webmin 1.320

1.320

Gentoo webmin 1.330

1.330

Gentoo webmin 1.340

1.340

Gentoo webmin 1.370

1.370

Gentoo webmin 1.380

1.380

Gentoo webmin 1.390

1.390

Gentoo webmin 1.400

1.400

Gentoo webmin 1.410

1.410

Gentoo webmin 1.420

1.420

Gentoo webmin 1.430

1.430

Gentoo webmin 1.440

1.440

Gentoo webmin 1.450

1.450

Gentoo webmin 1.470

1.470

Gentoo webmin 1.480

1.480

Gentoo webmin 1.500

1.500

Gentoo webmin 1.510

1.510

Gentoo webmin 1.520

1.520

Gentoo webmin 1.530

1.530

Gentoo webmin 1.550

1.550

Gentoo webmin 1.560

1.560

Gentoo webmin 1.570

1.570

Gentoo webmin 1.580

1.580

Gentoo webmin

References

http://americaninfosec.com/research/index.html

http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf

VU#788478

Patch, US Government Resource

1027507

http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213

Exploit, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.