Vulnerabilities > CVE-2012-2982 - Unspecified vulnerability in Gentoo Webmin
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
Vulnerable Configurations
Exploit-Db
| description | Webmin /file/show.cgi Remote Command Execution. CVE-2012-2982. Remote exploit for unix platform |
| id | EDB-ID:21851 |
| last seen | 2016-02-02 |
| modified | 2012-10-10 |
| published | 2012-10-10 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/21851/ |
| title | Webmin 1.580 - /file/show.cgi Remote Command Execution |
Metasploit
| description | This module exploits an arbitrary command execution vulnerability in Webmin 1.580. The vulnerability exists in the /file/show.cgi component and allows an authenticated user, with access to the File Manager Module, to execute arbitrary commands with root privileges. The module has been tested successfully with Webmin 1.580 over Ubuntu 10.04. |
| id | MSF:EXPLOIT/UNIX/WEBAPP/WEBMIN_SHOW_CGI_EXEC |
| last seen | 2020-06-10 |
| modified | 2017-09-08 |
| published | 2012-09-15 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/webmin_show_cgi_exec.rb |
| title | Webmin /file/show.cgi Remote Command Execution |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-062.NASL description Multiple vulnerabilities was discovered and corrected in webmin : Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893, SA51201). The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 73066 published 2014-03-18 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73066 title Mandriva Linux Security Advisory : webmin (MDVSA-2014:062) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2014:062. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(73066); script_version("1.6"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2012-2981", "CVE-2012-2982", "CVE-2012-2983", "CVE-2012-4893"); script_bugtraq_id(55446); script_xref(name:"MDVSA", value:"2014:062"); script_xref(name:"MGASA", value:"2013-0125"); script_name(english:"Mandriva Linux Security Advisory : webmin (MDVSA-2014:062)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities was discovered and corrected in webmin : Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620 (CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893, SA51201). The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0132.html" ); script_set_attribute( attribute:"see_also", value:"http://www.webmin.com/changes.html" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-Authen-Libwrap and / or webmin packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-12-473"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Webmin /file/show.cgi Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-Authen-Libwrap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:webmin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perl-Authen-Libwrap-0.220.0-2.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", reference:"webmin-1.680-1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CGI abuses NASL id WEBMIN_1_600.NASL description According to its self-reported version, the Webmin install hosted on the remote host is 1.590 or lower. It is, therefore, affected by multiple vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 117602 published 2018-09-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117602 title Webmin <= 1.590 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(117602); script_version("1.8"); script_cvs_date("Date: 2019/11/05"); script_cve_id( "CVE-2012-2981", "CVE-2012-2982", "CVE-2012-2983", "CVE-2012-4893" ); script_bugtraq_id(55446, 66328); script_name(english:"Webmin <= 1.590 Multiple Vulnerabilities"); script_summary(english:"Checks version of Webmin."); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the Webmin install hosted on the remote host is 1.590 or lower. It is, therefore, affected by multiple vulnerabilities."); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/55446"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/66328"); script_set_attribute(attribute:"see_also", value:"http://www.webmin.com/changes.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Webmin 1.600 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:X"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4893"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-12-473"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Webmin /file/show.cgi Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/19"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:webmin"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("webmin.nasl"); script_require_keys("www/webmin", "Settings/ParanoidReport"); script_require_ports("Services/www", 10000); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); app = 'Webmin'; port = get_http_port(default:10000, embedded: TRUE); get_kb_item_or_exit('www/'+port+'/webmin'); version = get_kb_item_or_exit('www/webmin/'+port+'/version', exit_code:1); source = get_kb_item_or_exit('www/webmin/'+port+'/source', exit_code:1); if (report_paranoia < 2) audit(AUDIT_PARANOID); dir = "/"; install_url = build_url(port:port, qs:dir); fix = "1.600"; if (ver_compare(ver:version, fix:"1.590", strict:FALSE) <= 0) { report = '\n URL : ' + install_url + '\n Version Source : ' + source + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_report_v4(severity:SECURITY_WARNING, port:port, extra:report, xss:TRUE, xsrf:TRUE); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
Packetstorm
| data source | https://packetstormsecurity.com/files/download/116620/webmin_show_cgi_exec.rb.txt |
| id | PACKETSTORM:116620 |
| last seen | 2016-12-05 |
| published | 2012-09-17 |
| reporter | unknown |
| source | https://packetstormsecurity.com/files/116620/Webmin-file-show.cgi-Remote-Command-Execution.html |
| title | Webmin /file/show.cgi Remote Command Execution |
Saint
| bid | 55446 |
| description | Webmin show.cgi Open Function Call Command Execution |
| id | web_tool_webminver |
| osvdb | 85248 |
| title | webmin_showcgi_path_info |
| type | remote |
References
- http://americaninfosec.com/research/index.html
- http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
- http://www.kb.cert.org/vuls/id/788478
- http://www.securitytracker.com/id?1027507
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213