Gentoo Portage-Built Webmin Binary Package Build Host Root Password Disclosure Vulnerability
BID:12532
Info
| Bugtraq ID: | 12532 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 11 2005 12:00AM |
| Updated: | Feb 11 2005 12:00AM |
| Credit: | Discovery is credited to Tavis Ormandy. |
| Vulnerable: | Gentoo webmin-1.170-r2.ebuild, Gentoo webmin-1.170-r1.ebuild, Gentoo webmin-1.160.ebuild, Gentoo webmin-1.150.ebuild, Gentoo webmin-1.140.ebuild |
| Not Vulnerable: | Gentoo webmin-1.170-r3.ebuild |
Discussion
It is reported that the Gentoo Portage-built Webmin binary package discloses the build host's root password to remote users.
Any users who build the affected Webmin binary package and share it with other users are at risk of compromise.
Gentoo app-admin/webmin packages prior to 1.170-r3 are vulnerable to this issue.
Exploit / POC
An exploit is not required to leverage this issue.
Solution / Fix
Solution:
Gentoo has released advisory GLSA 200502-12 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their systems:
emerge --sync
emerge --ask --oneshot --verbose ">=app-admin/webmin-1.170-r3"
References
References: