CVE-2019-15107: Remote Code Execution Vulnerability in Webmin


Webmin, a web-based application for system administrators of Unix-based systems (Linux, FreeBSD, or OpenBSD servers), contains a backdoor that could allow remote attackers to execute malicious commands with root privileges. A compromised system can later be used to launch further attacks against the systems managed through Webmin.

What is Webmin? According to the official website, Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can set up user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely.

Webmin also allows system administrators to modify settings and internals at the OS level, create new users, and update the configurations of applications running on remote systems, such as Apache, BIND, MySQL, PHP and Exim. Because of these conveniences and the overall importance of Webmin in the Linux ecosystem, the tool is used by many system administrators, and the threat it poses is huge.

More than 1,000,000 installations worldwide are at risk. Shodan data shows that there are some 215,000 public Webmin instances which are open to attacks. These instances can be compromised without access to internal networks and without bypassing firewalls.

CVE-2019-15107 Webmin Vulnerability

The issue stems from a vulnerability spotted by security researcher Özkan Mustafa Akkuş, who found a loophole in Webmin’s source code. The flaw enabled unauthenticated threat actors to run code on the servers running the app. The flaw is now known as CVE-2019-15107. The researcher presented his findings during the AppSec Village at the DEF CON 27 security conference in Las Vegas earlier this month.

After Akkuş’s presentation, other researchers started looking deeper into the CVE-2019-15107 problem, only to discover that it is a vulnerability of great impact.

One of Webmin’s developers says that the CVE-2019-15107 vulnerability is not the result of a coding mistake but rather of malicious code injected into compromised build infrastructure.

Furthermore, this code was present in Webmin download packages on SourceForge and not on GitHub. Of course, this fact doesn’t change the impact of the vulnerability. In fact, SourceForge is listed as the official download on the official website of Webmin.

Further information is needed to clarify whether the compromised build infrastructure is related to a compromised system of the developer who created the code, or to a compromised account on SourceForge. Such an account might have been used by an attacker to upload a malicious Webmin version. According to SourceForge, the attacker hasn’t exploited any flaws in the platform. SourceForge only hosted the code uploaded by the project admins via their own accounts.

Note that all Webmin versions between 1.882 and 1.921 that were downloaded from SourceForge are vulnerable. Webmin version 1.930 was released on August 18. According to the official advisory:

Webmin releases between these versions contain a vulnerability that allows remote command execution! Version 1.890 is vulnerable in a default install and should be upgraded immediately - other versions are only vulnerable if changing of expired passwords is enabled, which is not the case by default.

Either way, upgrading to version 1.930 is strongly recommended. Alternatively, if running versions 1.900 to 1.920.
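The advisory's conditions can be turned into a small host triage check; the following is an added example, not code from Webmin or from the advisory. It assumes the version string comes from a file such as /etc/webmin/version, that the article's version bounds are inclusive, and that "changing of expired passwords" corresponds to `passwd_mode=2` in miniserv.conf; it cannot tell whether a package originated from SourceForge.

```python
import re

# Version bounds as stated in the article; treated as inclusive (assumption).
FIRST_AFFECTED = (1, 882)
LAST_AFFECTED = (1, 921)
DEFAULT_VULNERABLE = (1, 890)  # vulnerable in a default install per the advisory


def parse_version(text):
    """Turn a Webmin version string such as '1.890' into (1, 890)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised Webmin version: {text!r}")
    return int(m.group(1)), int(m.group(2))


def expired_password_change_enabled(miniserv_conf):
    """True if the config text enables changing of expired passwords.

    Assumption: the feature corresponds to passwd_mode=2 in miniserv.conf.
    """
    mode = None
    for line in miniserv_conf.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "passwd_mode":
            mode = value.strip()  # keep the last value seen
    return mode == "2"


def triage(version_text, miniserv_conf):
    """Classify one host according to the conditions quoted in the advisory."""
    version = parse_version(version_text)
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return "outside affected range"
    if version == DEFAULT_VULNERABLE:
        return "exposed in default install: upgrade immediately"
    if expired_password_change_enabled(miniserv_conf):
        return "exposed: expired-password change is enabled"
    return "affected build, feature disabled: upgrade recommended"


if __name__ == "__main__":
    # Constructed sample inventory: (host label, version, miniserv.conf text).
    samples = [
        ("host-a", "1.890", "port=10000\n"),
        ("host-b", "1.920", "port=10000\npasswd_mode=2\n"),
        ("host-c", "1.910", "port=10000\npasswd_mode=0\n"),
        ("host-d", "1.930", "port=10000\npasswd_mode=2\n"),
    ]
    for host, version, conf in samples:
        print(f"{host}: Webmin {version}: {triage(version, conf)}")
```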


Milena Dimitrova
