{"vuid":"VU#999601","idnumber":"999601","name":"Webmin and Usermin fail to sanitize user input","keywords":["Webmin","Usermin","authentication bypass","information disclosure"],"overview":"Webmin and Usermin do not properly sanitize user input. This vulnerability may allow a remote, unauthenticated user to view any file on the system running Webmin or Usermin.","clean_desc":"Webmin Webmin is popular web-based administration tool for Unix and Linux servers that allows system administrators to make changes to system processes. Usermin Usermin offers an interface similar to Webmin, but is designed for regular users who are not responsible for system administration tasks. The Problem There is an input validation vulnerability in Usermin and Webmin that could allow a remote, unauthenticated attacker could view any file on the computer running Webmin or Usermin.","impact":"An attacker could read any file on the computer running Webmin or Usermin.","resolution":"Upgrade\nUsermin version Version 1.220 and Webmin version 1.290 have been released to address this vulnerability.","workarounds":"Restrict Access Restrict access to the Webmin and Usermin servers to trusted hosts. Note that in addition to firewall and VPN access control methods, both Webmin and usermin can use SSH tunneling to provide additional layers of encryption and authorization.","sysaffected":"","thanks":"The Webmin team has reported this vulnerability.","author":"This document was written by Ryan Giobbi.","public":["http://secunia.com/advisories/20892/","http://www.webmin.com/uchanges-1.210.html","http://club.mandriva.com/xwiki/bin/KB/SecureSssh5?xpage=code&"],"cveids":["CVE-2006-3392"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-06-30T19:31:02Z","publicdate":"2006-06-30T00:00:00Z","datefirstpublished":"2006-07-07T12:43:59Z","dateupdated":"2006-08-01T18:09:46Z","revision":32,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"1","cam_internetinfrastructure":"12","cam_population":"7","cam_impact":"8","cam_easeofexploitation":"18","cam_attackeraccessrequired":"18","cam_scorecurrent":"9.5256","cam_scorecurrentwidelyknown":"11.2266","cam_scorecurrentwidelyknownexploited":"17.6904","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.5256,"vulnote":null}