Webmin

Tracker: Usermin Bugs

5 Root Shell Denial of Service - ID: 1509145

Last Update: Comment added ( jcameron )

Details:

As pointed out in
http://www.osreviews.net/reviews/admin/usermin it is
possible to disable the login shell of the root account
by calling save.cgi with an empty value for the shell.
The problem is that the command is expanded to `chsh -s
foo`, which changes the shell of the root account to
foo instead of changing foo's shell.

When combined with some well-known social engineering
tactics (cf. "Stealing Superuser" in Practical UNIX &
Internet Security) it might even be possible to obtain
root access to the system.

Submitted:

Nobody/Anonymous ( nobody ) - 2006-06-20 08:38

Priority:

Status:

Closed

Resolution:

None

Assigned:

Jamie Cameron

Category:

Change User Details

Group:

None

Visibility:

Public

Comments ( 3 )

Date: 2006-09-14 16:27 Sender: jcameron Logged In: YES user_id=129364 This is definately fixed in Usermin 1.220. In the file chfn/save.cgi, there is a check on line 19 for an empty shell.
Date: 2006-09-14 10:19 Sender: nobody Logged In: NO AFAICS this has not been fixed yet. Any possibility that this will be addressed in the future?
Date: 2006-06-20 16:47 Sender: jcameron Logged In: YES user_id=129364 Thanks for pointing this out - I will fix it in the next release of Usermin.

Log in to comment.

Attached File

Changes ( 2 )

Field	Old Value	Date	By
status_id	Open	2006-06-20 16:47	jcameron
close_date	-	2006-06-20 16:47	jcameron

Webmin

Tracker: Usermin Bugs

Comments ( 3 )

Log in to comment.

Attached File

No Files Currently Attached

Changes ( 2 )

About SourceForge

Find Software

Develop Software

Community

Help