ALERT Webmin Vulnerability

wardmundy

:iagree: Thanks for the heads up, james. WebMin is an excellent tool to look at stuff and an awful tool to make changes, the consequences of which you don't understand. In the PIAF and Incredible PBX environment, the 1.680 (and below) bug will not be a problem on systems as delivered since we only allow https root access with the existing root password anyway. The root user has always had permissions to delete files with WebMin. You've also got to work pretty hard to trigger the inadvertent deletion of files with the documented bug methodology.

The vulnerability doesn't exist at all on later standalone releases of Incredible PBX which include WebMin 1.7.0 (Ubuntu) or 1.6.9.0-1 (CentOS). Nor does it exist in systems built with the PIAF3 installer (with or without the addition of Incredible PBX) which loads WebMin 1.6.9. Older PIAF systems would be a problem. On those systems, WebMin can be upgraded from within the WebMin interface.
 
