Security: Password information in environment variables in webmin

Name: Password information in environment variables in webmin
ID: CSSA-2001-019.0
Distribution: Caldera
Platforms: Caldera eDesktop 2.4, Caldera eServer 2.3.1
Date: Thu, 31 May 2001, 13:00
References: none given
Applications: Webmin
Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
Caldera International, Inc. Security Advisory

Subject: webmin root account leak
Advisory number: CSSA-2001-019.0
Issue date: 2001 May, 30
Cross reference:
______________________________________________________________________________
1. Problem Description
When starting system daemons from the webmin webfrontend, webmin does not clear its environment variables. Since these variables contain the authorization of the administrator, any daemon gets these variables.
If the apache web server has been (re)started from webmin, a simple attack would be to write a CGI script which just dumps all environment variables, which contain the root password in a base64 encoded string.
This is just a preliminary advisory until we have fixed packages available.
2. Vulnerable Versions
System                        Package
-----------------------------------------------------------
OpenLinux 2.3                 not vulnerable
OpenLinux eServer 2.3.1       All webmin packages.
and OpenLinux eBuilder
OpenLinux eDesktop 2.4        All webmin packages.
3. Solution
Workaround
Disable the webmin service until fixed packages are available.
Reboot your machine to make sure all daemons are restarted without tainted environment variables, or at least run as root:
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start
to avoid trivial exploits.
We will release fixed packages in the next few days.
4. Disclaimer
Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.
5. Acknowledgements:
Caldera International does acknowledge J. Nick Koston for reporting the problem, but would appreciate if vendors would get notified first before posting to BugTraq.
______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7FRYJ18sy83A/qfwRAjHeAJ9VzIKZR0aBrFBilQgk/WePVt1fVQCdEAXH
wrDu8oI2Z7jShz9XsPLEosg=
=sF1+
-----END PGP SIGNATURE-----
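The root cause in section 1 is ordinary process inheritance: a daemon started from a CGI front end receives the parent's whole environment, including request-derived variables such as HTTP_AUTHORIZATION (the Basic-auth header, "Basic " followed by base64(user:password)). The following is an added example, not part of the advisory or of webmin's own code; it shows the inheritance with a constructed CGI-style environment and the fix the advisory's workaround is standing in for: build a minimal allowlisted environment before starting any long-lived child. The allowlist (PATH, HOME, LANG, TERM), the prefix list and the function names are assumptions chosen for the illustration.

```python
"""Environment hygiene when a privileged web front end starts daemons."""
import os
import subprocess
import sys

# Variables a privileged front end may reasonably pass to a daemon it starts
# (assumed allowlist). Everything else, including request-derived CGI
# variables, is dropped rather than inherited.
ALLOWED = ("PATH", "HOME", "LANG", "TERM")

# Request-derived CGI name prefixes that carry credentials or session material.
# HTTP_AUTHORIZATION is the one the advisory describes: the Basic-auth header
# holds base64(user:password), so any child that can read its environment
# recovers the administrator's password.
SENSITIVE_PREFIXES = ("HTTP_", "REMOTE_", "QUERY_", "REQUEST_", "SERVER_")


def sanitized_env(parent_env):
    """Build a minimal child environment from a CGI-style parent environment."""
    child = {key: parent_env[key] for key in ALLOWED if key in parent_env}
    child.setdefault("PATH", "/usr/bin:/bin")  # daemons still need a sane PATH
    return child


def leaked_keys(env):
    """Return the request-derived variable names present in an environment."""
    return sorted(k for k in env if k.startswith(SENSITIVE_PREFIXES))


def spawn_and_dump(env):
    """Start a child with exactly `env` and return the variable names it sees.

    The child only lists its own environment keys; it stands in for a daemon
    (or a CGI script run by that daemon) that inherits whatever it was given.
    """
    code = "import os; print('\\n'.join(sorted(os.environ)))"
    result = subprocess.run(
        [sys.executable, "-c", code],
        env=env, capture_output=True, text=True, check=True,
    )
    return result.stdout.split()


# Constructed stand-in for the environment a CGI front end would hold while
# handling an authenticated "restart httpd" request.
CONSTRUCTED_CGI_ENV = {
    "PATH": "/usr/bin:/bin",
    "HTTP_AUTHORIZATION": "Basic cm9vdDpleGFtcGxl",  # base64("root:example"), constructed
    "REMOTE_USER": "root",
    "QUERY_STRING": "action=restart",
}

if __name__ == "__main__":
    # Without sanitising, the child sees the credential-bearing variables.
    print("inherited :", leaked_keys(spawn_and_dump(CONSTRUCTED_CGI_ENV)))
    # With an allowlisted environment, nothing request-derived reaches it.
    print("sanitized :", leaked_keys(spawn_and_dump(sanitized_env(CONSTRUCTED_CGI_ENV))))
```

The allowlist approach is deliberately stricter than a denylist of known-bad names: new request headers become new HTTP_* variables automatically, so stripping only the names you already know about tends to regress. The advisory's reboot / httpd restart workaround has the same effect after the fact, replacing the daemons that already inherited the tainted environment.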