SoylentNews is people

posted by Fnord666 on Wednesday August 21 2019, @08:15AM
from the creeping-around-the-back-door dept.

Submitted via IRC for SoyCow2718

Webmin, the open source web-based interface for managing Linux and UNIX systems, contained a remote code execution vulnerability for more than a year and it's believed to be an intentional backdoor.

The vulnerability, tracked as CVE-2019-15107, was disclosed at the recent DEFCON hacker conference, and Webmin developers were not notified of its existence before the details were made public.

The flaw is related to a feature designed for changing expired passwords and it allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges.

The security hole impacts Webmin 1.882 through 1.921, but most versions are not vulnerable in their default configuration as the affected feature is not enabled by default. Version 1.890 is affected in the default configuration. The issue has been addressed with the release of Webmin 1.930 and Usermin version 1.780.

[...] A Shodan search shows over 215,000 internet-exposed Webmin instances, mostly located in the United States, France and Germany. However, there are roughly 15,000 results for searches of version 1.890, which is vulnerable in the default configuration.

Source: https://www.securityweek.com/webmin-backdoored-over-year
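
An added triage example (not part of the article and not Webmin's own code) that classifies a host against the version ranges given above. It assumes a standard install that keeps its version in /etc/webmin/version and its server settings in /etc/webmin/miniserv.conf, and that the expired-password change feature corresponds to `passwd_mode=2` in that file; neither the paths nor the key name are stated in the article.

```python
import re
from pathlib import Path

# Version bounds exactly as stated in the article.
AFFECTED_MIN, AFFECTED_MAX = (1, 882), (1, 921)
DEFAULT_VULNERABLE = (1, 890)
FIXED = (1, 930)

def parse_version(text):
    """Turn '1.890' into (1, 890) so versions compare numerically."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Webmin version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def parse_conf(text):
    """Parse key=value lines of miniserv.conf, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def assess(version_text, conf_text):
    """Classify one host against the ranges in the article."""
    version = parse_version(version_text)
    if version >= FIXED:
        return "patched"
    if not AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "outside-affected-range"
    if version == DEFAULT_VULNERABLE:
        return "exposed-in-default-config"
    # Assumption: passwd_mode=2 is the expired-password change feature.
    if parse_conf(conf_text).get("passwd_mode") == "2":
        return "exposed-feature-enabled"
    return "affected-version-feature-off"

if __name__ == "__main__":
    # Assumed default paths of a standard install; adjust if Webmin lives elsewhere.
    base = Path("/etc/webmin")
    try:
        print(assess((base / "version").read_text(),
                     (base / "miniserv.conf").read_text()))
    except OSError as exc:
        print("could not read Webmin configuration:", exc)
```

A result of "affected-version-feature-off" still calls for upgrading to 1.930, since the affected code is present even when the feature is disabled.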



 
This discussion has been archived. No new comments can be posted.
  • (Score: 2) by PartTimeZombie on Wednesday August 21 2019, @09:27PM (1 child)

    by PartTimeZombie (4827) on Wednesday August 21 2019, @09:27PM (#883314)

    Have been testing Webmin on a CentOS box I have going spare, and just did what the webmin site told me to do:

    If you like to install and update Webmin via RPM, create the /etc/yum.repos.d/webmin.repo file containing :
    [Webmin]
    name=Webmin Distribution Neutral
    #baseurl=https://download.webmin.com/download/yum
    mirrorlist=https://download.webmin.com/download/yum/mirrorlist
    enabled=1
    You should also fetch and install my GPG key with which the packages are signed, with the commands :
    wget http://www.webmin.com/jcameron-key.asc
    rpm --import jcameron-key.asc
    You will now be able to install with the command :
    yum install webmin
    All dependencies should be resolved automatically.

    And they were.

    Webmin seems to be incredibly powerful, although I could not seem to get the LDAP client to work, and it also felt really weird using it, sort of like cheating. I kept opening configs just to try to figure out what it was doing.

    I am in no way an expert, maybe I did it wrong?

    Oh, also it buggered up samba. A share I made was no longer accessible.

    Sorry guys, I'm not really looking for support. :-)

  • (Score: 2) by FatPhil on Saturday August 24 2019, @11:51AM

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Saturday August 24 2019, @11:51AM (#884680) Homepage
    If he's signing sploited packages, why are you even bothering to check the sig?
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves