Submitted via IRC for SoyCow2718
Webmin, the open source web-based interface for managing Linux and UNIX systems, contained a remote code execution vulnerability for more than a year and it's believed to be an intentional backdoor.
The vulnerability, tracked as CVE-2019-15107, was disclosed at the recent DEFCON hacker conference, and Webmin developers were not notified of its existence before the details were made public.
The flaw is related to a feature designed for changing expired passwords and it allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges.
The security hole impacts Webmin 1.882 through 1.921, but most versions are not vulnerable in their default configuration as the affected feature is not enabled by default. Version 1.890 is affected in the default configuration. The issue has been addressed with the release of Webmin 1.930 and Usermin version 1.780.
[...] A Shodan search shows over 215,000 internet-exposed Webmin instances, mostly located in the United States, France and Germany. However, there are roughly 15,000 results for searches of version 1.890, which is vulnerable in the default configuration.
Source: https://www.securityweek.com/webmin-backdoored-over-year
(Score: 2) by PartTimeZombie on Wednesday August 21 2019, @09:27PM (1 child)
Have been testing Webmin on a CentOS box I have going spare, and just did what the webmin site told me to do:
And they were.
Webmin seems to be incredibly powerful, although I could not seem to get the LDAP client to work, and it also felt really weird using it, sort of like cheating. I kept opening configs just to try to figure out what it was doing.
I am in no way an expert, maybe I did it wrong?
Oh, also it buggered up samba. A share I made was no longer accessible.
Sorry guys, I'm not really looking for support. :-)
(Score: 2) by FatPhil on Saturday August 24 2019, @11:51AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves