mailing list archives
Re: [webmin-devel] XSS in Webmin 1.540 + exploit for privilege escalation
From: Henri Salo <henri () nerv fi>
Date: Sat, 21 May 2011 13:25:07 +0300
On Sat, Apr 23, 2011 at 06:11:12PM -0700, Jamie Cameron wrote:
Thanks for reporting this - I hadn't considered this attack
vector, as I didn't realize that chfn could be used to modify a user's
I have created a fix which you can see at :
Also an update for the Users and Groups module can be found at
http://www.webmin.com/updates.html , and will be available from within
the Webmin UI.
In what Webmin-release this will be fixed? Do you have CVE-identifier for this yet?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Re: [webmin-devel] XSS in Webmin 1.540 + exploit for privilege escalation Henri Salo (May 21)