From: Jamie C. <jca...@we...> - 2001-11-19 11:31:00
|
Gehrigal - Webminprojects wrote: > > Hi All > > Today i found an article about security problems by using webmin. Does > anybody know this. And is there an solution? > > Articel (http://www.suse.de/de/support/security/2001_016_sgmltool_txt.txt): > > <----snip---> > webmin > Insecure handling of temporary files has been found in webmin, a > comprehensive administration webinterface. SuSE distributions do not > contain the webmin package and therefore are not vulnerable to the > found vulnerabilities by default. We urge administrators who use > webmin to upgrade to the latest version of webmin available. > > <----snip---> I guess they are referring to a problem in versions before 0.89 , in which custom commands with the "Use user's environment?" option set created a temp file with mode 777 and then executed it. But that is fixed now .. - Jamie |