===========================================================================
AUSCERT Security Bulletin

ASB-2012.0174
A number of vulnerabilities have been identified in Webmin
13 December 2012

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Webmin
Operating System:     Solaris
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
                      Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-2983 CVE-2012-2982 CVE-2012-2981
Member content until: Saturday, January 12 2013

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Solaris. It is recommended that administrators
         running Webmin check for an updated version of the software for
         their operating system.

OVERVIEW

A number of vulnerabilities have been identified in Webmin, a third-party
component of Solaris 10.

IMPACT

The vendor has provided the following details regarding these
vulnerabilities:

"CVE-2012-2981 Improper Input Validation vulnerability" [1]

"CVE-2012-2982 Arbitrary code execution vulnerability" [1]

"CVE-2012-2983 Improper Authentication vulnerability" [1]

MITIGATION

The vendor recommends applying the appropriate patch to correct these
issues. [1]

REFERENCES

[1] Multiple vulnerabilities in Webmin
    https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_webmin

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================