====================================================================
CERT-Renater
Information Note No. 2012/VULN346
____________________________________________________________________

DATE : 07/09/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Webmin contains input validation vulnerabilities

======================================================================
http://www.kb.cert.org/vuls/id/788478
______________________________________________________________________

Overview

Webmin 1.580, and possibly earlier versions, has been reported to
contain input validation vulnerabilities.

Description

The advisories from American Information Security Group report the
following vulnerabilities.

CWE-20: Improper Input Validation - CVE-2012-2981
"An input validation flaw allows for authenticated users to execute
arbitrary Perl statements, commands, or libraries by parsing any file
provided."

CWE-77: Improper Neutralization of Special Elements used in a Command -
CVE-2012-2982
"An input validation flaw within /file/show.cgi allows for authenticated
users to execute arbitrary system commands as a privileged user.
Additionally, anyone with a previously established session can be made
to execute arbitrary commands on the server by embedding the attack in
HTML code–such as IMG SRC tags within HTML emails."

CWE-22: Improper Limitation of a Pathname to a Restricted Directory -
CVE-2012-2983
"A directory traversal flaw within edit_html.cgi allows an attacker to
view any file as user root."

Full details of each vulnerability are available in the American
Information Security Group advisories linked in the References section.

Impact

An authenticated attacker may be able to execute arbitrary commands.

Solution

We are currently unaware of a practical solution to this problem.

The vendor is aware of the vulnerabilities and has patches available in
the development branch, but an official version including the patches
was not available at the time of publication.

Patch for CVE-2012-2981
https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e

Patch for CVE-2012-2982
https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213

Patch for CVE-2012-2983
https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80

References:

http://www.kb.cert.org/vuls/id/788478
http://www.webmin.com/

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================