ALERT Webmin Vulnerability

wardmundy

:iagree: Thanks for the heads up, james. WebMin is an excellent tool to look at stuff and an awful tool to make changes, the consequences of which you don't understand. In the PIAF and Incredible PBX environment, the 1.680 (and below) bug will not be a problem on systems as delivered since we only allow https root access with the existing root password anyway. The root user has always had permissions to delete files with WebMin. You've also got to work pretty hard to trigger the inadvertent deletion of files with the documented bug methodology.

The vulnerability doesn't exist at all on later standalone releases of Incredible PBX which include WebMin 1.7.0 (Ubuntu) or 1.6.9.0-1 (CentOS). Nor does it exist in systems built with the PIAF3 installer (with or without the addition of Incredible PBX) which loads WebMin 1.6.9. Older PIAF systems would be a problem. On those systems, WebMin can be upgraded from within the WebMin interface.
 
