Webmin And Usermin Configuration File Unauthorized Access Vulnerability

BID:13205

Info

Webmin And Usermin Configuration File Unauthorized Access Vulnerability

Bugtraq ID: 13205
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Apr 16 2005 12:00AM
Updated: Apr 16 2005 12:00AM
Credit: The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable: Webmin Webmin 1.160
Webmin Webmin 1.150
Webmin Webmin 1.140
Webmin Webmin 1.130
Webmin Webmin 1.121
Webmin Webmin 1.110
Webmin Webmin 1.100
Webmin Webmin 1.0 90
Webmin Webmin 1.0 80
Webmin Webmin 1.0 70
+ HP Apache-Based Web Server 1.3.27 .01
 + HP Apache-Based Web Server 1.3.27 .01
 + HP Webmin-Based Admin 1.0.1 .01
 + HP Webmin-Based Admin 1.0.1 .01
 + Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
Webmin Webmin 1.0 60
Webmin Webmin 1.0 50
Webmin Webmin 1.0 20
Webmin Webmin 1.0 00
Webmin Webmin 0.990
Webmin Webmin 0.980
Webmin Webmin 0.970
Webmin Webmin 0.960
Webmin Webmin 0.950
Webmin Webmin 0.94
Webmin Webmin 0.93
Webmin Webmin 0.92 -1
Webmin Webmin 0.92
Webmin Webmin 0.91
Webmin Webmin 0.89
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Caldera OpenLinux Workstation 3.1
+ Caldera OpenLinux Workstation 3.1
Webmin Webmin 0.88
Webmin Webmin 0.85
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.3
- Caldera OpenLinux 2.3
- MandrakeSoft Corporate Server 1.0.1
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.1
Webmin Webmin 0.80
Webmin Webmin 0.79
Webmin Webmin 0.78
Webmin Webmin 0.77
Webmin Webmin 0.76
Webmin Webmin 0.51
Webmin Webmin 0.42
Webmin Webmin 0.41
Webmin Webmin 0.31
Webmin Webmin 0.22
Webmin Webmin 0.21
Webmin Webmin 0.8.5 Red Hat
+ Redhat Linux 7.0
Webmin Webmin 0.8.4
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux Desktop 2.3
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.1
- SCO eDesktop 2.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
Webmin Webmin 0.8.3
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.3
- Caldera OpenLinux 2.3
- MandrakeSoft Corporate Server 1.0.1
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.1
Webmin Webmin 0.7
Webmin Webmin 0.6
Webmin Webmin 0.5 x
Webmin Webmin 0.5
Webmin Webmin 0.4
Webmin Webmin 0.3
Webmin Webmin 0.2
Webmin Webmin 0.1
Usermin Usermin 1.0 90
Usermin Usermin 1.0 80
Usermin Usermin 1.0 70
Usermin Usermin 1.0 60
Usermin Usermin 1.0 51
Usermin Usermin 1.0 40
Usermin Usermin 1.0 30
Usermin Usermin 1.0 20
Usermin Usermin 1.0 10
Usermin Usermin 1.0 00
Usermin Usermin 0.990
Usermin Usermin 0.980
Usermin Usermin 0.970
Usermin Usermin 0.960
Usermin Usermin 0.950
Usermin Usermin 0.940
Usermin Usermin 0.930
Usermin Usermin 0.920
Usermin Usermin 0.910
Usermin Usermin 0.90
Usermin Usermin 0.80
Usermin Usermin 0.7
Not Vulnerable: Webmin Webmin 1.200
Usermin Usermin 1.130

Discussion

Webmin And Usermin Configuration File Unauthorized Access Vulnerability

Usermin and Webmin are affected by a configuration file access validation vulnerability. This issue is due to a design error that causes certain configuration files to be assigned insecure permissions.

An attacker may leverage this issue to gain access to various, potentially sensitive system configuration files. This may facilitate privilege escalation or other attacks.

Exploit / POC

Webmin And Usermin Configuration File Unauthorized Access Vulnerability

No exploit is required to leverage this issue.

Solution / Fix

Webmin And Usermin Configuration File Unauthorized Access Vulnerability

Solution:
The vendor has released updates dealing with this issue in both of the affected applications.


Webmin Webmin 0.1

Webmin Webmin 0.2

Webmin Webmin 0.21

Webmin Webmin 0.22

Webmin Webmin 0.3

Webmin Webmin 0.31

Webmin Webmin 0.4

Webmin Webmin 0.41

Webmin Webmin 0.42

Webmin Webmin 0.5 x

Webmin Webmin 0.5

Webmin Webmin 0.51

Webmin Webmin 0.6

Usermin Usermin 0.7

Webmin Webmin 0.7

Webmin Webmin 0.76

Webmin Webmin 0.77

Webmin Webmin 0.78

Webmin Webmin 0.79

Webmin Webmin 0.8.3

Webmin Webmin 0.8.4

Webmin Webmin 0.8.5 Red Hat

Usermin Usermin 0.80

Webmin Webmin 0.80

Webmin Webmin 0.85

Webmin Webmin 0.88

Webmin Webmin 0.89

Usermin Usermin 0.90

Webmin Webmin 0.91

Usermin Usermin 0.910

Webmin Webmin 0.92

Webmin Webmin 0.92 -1

Usermin Usermin 0.920

Webmin Webmin 0.93

Usermin Usermin 0.930

Webmin Webmin 0.94

Usermin Usermin 0.940

Usermin Usermin 0.950

Webmin Webmin 0.950

Usermin Usermin 0.960

Webmin Webmin 0.960

Usermin Usermin 0.970

Webmin Webmin 0.970

Webmin Webmin 0.980

Usermin Usermin 0.980

Webmin Webmin 0.990

Usermin Usermin 0.990

Webmin Webmin 1.0 90

Webmin Webmin 1.0 80

Usermin Usermin 1.0 90

Usermin Usermin 1.0 20

Usermin Usermin 1.0 00

Usermin Usermin 1.0 30

Usermin Usermin 1.0 80

Usermin Usermin 1.0 40

Webmin Webmin 1.0 20

Webmin Webmin 1.0 00

Webmin Webmin 1.0 50

Usermin Usermin 1.0 60

Webmin Webmin 1.0 70

Usermin Usermin 1.0 70

Usermin Usermin 1.0 10

Usermin Usermin 1.0 51

Webmin Webmin 1.0 60

Webmin Webmin 1.100

Webmin Webmin 1.110

Webmin Webmin 1.121

Webmin Webmin 1.130

Webmin Webmin 1.140

Webmin Webmin 1.150

Webmin Webmin 1.160

References

Webmin And Usermin Configuration File Unauthorized Access Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report