Vulnerability Monitor

CVE-2012-2982


file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.


Published

2012-09-11T18:55:01.237

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gentoo | webmin | ≤ 1.590 | Yes |
| Application | gentoo | webmin | 1.140 | Yes |
| Application | gentoo | webmin | 1.150 | Yes |
| Application | gentoo | webmin | 1.160 | Yes |
| Application | gentoo | webmin | 1.170 | Yes |
| Application | gentoo | webmin | 1.180 | Yes |
| Application | gentoo | webmin | 1.200 | Yes |
| Application | gentoo | webmin | 1.210 | Yes |
| Application | gentoo | webmin | 1.220 | Yes |
| Application | gentoo | webmin | 1.230 | Yes |
| Application | gentoo | webmin | 1.240 | Yes |
| Application | gentoo | webmin | 1.260 | Yes |
| Application | gentoo | webmin | 1.270 | Yes |
| Application | gentoo | webmin | 1.280 | Yes |
| Application | gentoo | webmin | 1.290 | Yes |
| Application | gentoo | webmin | 1.300 | Yes |
| Application | gentoo | webmin | 1.310 | Yes |
| Application | gentoo | webmin | 1.320 | Yes |
| Application | gentoo | webmin | 1.330 | Yes |
| Application | gentoo | webmin | 1.340 | Yes |
| Application | gentoo | webmin | 1.370 | Yes |
| Application | gentoo | webmin | 1.380 | Yes |
| Application | gentoo | webmin | 1.390 | Yes |
| Application | gentoo | webmin | 1.400 | Yes |
| Application | gentoo | webmin | 1.410 | Yes |
| Application | gentoo | webmin | 1.420 | Yes |
| Application | gentoo | webmin | 1.430 | Yes |
| Application | gentoo | webmin | 1.440 | Yes |
| Application | gentoo | webmin | 1.450 | Yes |
| Application | gentoo | webmin | 1.470 | Yes |
| Application | gentoo | webmin | 1.480 | Yes |
| Application | gentoo | webmin | 1.500 | Yes |
| Application | gentoo | webmin | 1.510 | Yes |
| Application | gentoo | webmin | 1.520 | Yes |
| Application | gentoo | webmin | 1.530 | Yes |
| Application | gentoo | webmin | 1.550 | Yes |
| Application | gentoo | webmin | 1.560 | Yes |
| Application | gentoo | webmin | 1.570 | Yes |
| Application | gentoo | webmin | 1.580 | Yes |

References