oss-sec mailing list archives

CVE Request: Webmin & Usermin - Read Mail Module Vulnerability


From: Patrick William <pat () rack911labs com>
Date: Mon, 19 Jan 2015 14:15:42 -0400

Hi,

I need to request 2 CVEs; one for Usermin and one for Webmin.

Both of them are vulnerable to a hardlink arbitrary file access within the Read Mail Module. The end result is the ability to open any file on the server, including root owned files, which could lead to a privilege escalation.

Reference: http://www.webmin.com/index.html

"January 1: Webmin 1.730 and Usermin 1.640 released - This update includes security fixes to produce against malicious links in the Read Mail module..."

Thanks!

Patrick
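
The hard-link problem reported above is the kind a privileged reader can guard against by validating the file after opening it. The following is an added example, not part of the original message and not the actual Webmin or Usermin fix; the helper name, exception class and sample mailbox are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile


class UnsafeMailFile(Exception):
    """Raised when a mail file fails the pre-read safety checks."""


def open_user_mail_file(path, expected_uid):
    """Open a mail file for reading on behalf of expected_uid (hypothetical helper)."""
    # O_NOFOLLOW: fail if the final path component is a symlink.
    # O_NONBLOCK: do not hang if the path turns out to be a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        # fstat() the descriptor, not the path, so the checked file is the one read.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeMailFile("not a regular file")
        if st.st_uid != expected_uid:
            raise UnsafeMailFile("file not owned by the mailbox user")
        if st.st_nlink != 1:
            raise UnsafeMailFile("file has extra hard links")
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "rb")


def demo():
    """Constructed sample: a plain mailbox, then a hard link and a symlink to it."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        mbox = os.path.join(d, "inbox")
        with open(mbox, "wb") as f:
            f.write(b"From alice@example.com\n")
        uid = os.getuid()
        with open_user_mail_file(mbox, uid) as f:
            results["plain"] = f.read()
        os.link(mbox, os.path.join(d, "hardlink"))
        os.symlink(mbox, os.path.join(d, "symlink"))
        for name in ("hardlink", "symlink"):
            try:
                open_user_mail_file(os.path.join(d, name), uid).close()
                results[name] = "opened"
            except (UnsafeMailFile, OSError):
                results[name] = "rejected"
    return results
```

A hard link to a root-owned file would fail both the ownership and the link-count check, since the link shares the target's inode metadata.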

