|
Full Disclosure
mailing list archives
Re: [webmin-devel] XSS in Webmin 1.540 + exploit for privilege escalation
From: Henri Salo <henri () nerv fi>
Date: Sat, 21 May 2011 13:25:07 +0300
On Sat, Apr 23, 2011 at 06:11:12PM -0700, Jamie Cameron wrote:
Hi Javier,
Thanks for reporting this - I hadn't considered this attack
vector, as I didn't realize that chfn could be used to modify a user's
real name.
I have created a fix which you can see at :
https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881
Also an update for the Users and Groups module can be found at
http://www.webmin.com/updates.html , and will be available from within
the Webmin UI.
- Jamie
In what Webmin-release this will be fixed? Do you have CVE-identifier for this yet?
Best regards,
Henri Salo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: [webmin-devel] XSS in Webmin 1.540 + exploit for privilege escalation Henri Salo (May 21)
| 
