Full Disclosure: Re: re: webmin remote format string bug

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: re: webmin remote format string bug

From: Dave Aitel <dave () immunitysec com>
Date: Thu, 01 Dec 2005 16:10:33 -0500

This is exploitable - Immunity has a PoC exploit in our Partner'ssection written by Bas Alberts.


Thanks,
Dave Aitel
Immunity, Inc.


craig () freenet de wrote:

Hello!
I succeeded in crashing webmin 1.230 with:

username %n
password aaaa

after klicking 4 times on "Login" webmin was dead.
There were no logs at all, and no error was shown in the web interface...
Any idea if it's really exploitable (executing code I mean)? Is anyone working on a POC?

giarc () freeet de


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

re: webmin remote format string bug giarc (Dec 01)
- <Possible follow-ups>
- re: webmin remote format string bug craig (Dec 01)
  - Re: re: webmin remote format string bug Dave Aitel (Dec 01)