CVE-2012-2981: Input Validation
First published: Tue Sep 11 2012(Updated: )
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin | <=1.590 | |
| Webmin | =1.140 | |
| Webmin | =1.150 | |
| Webmin | =1.160 | |
| Webmin | =1.170 | |
| Webmin | =1.180 | |
| Webmin | =1.200 | |
| Webmin | =1.210 | |
| Webmin | =1.220 | |
| Webmin | =1.230 | |
| Webmin | =1.240 | |
| Webmin | =1.260 | |
| Webmin | =1.270 | |
| Webmin | =1.280 | |
| Webmin | =1.290 | |
| Webmin | =1.300 | |
| Webmin | =1.310 | |
| Webmin | =1.320 | |
| Webmin | =1.330 | |
| Webmin | =1.340 | |
| Webmin | =1.370 | |
| Webmin | =1.380 | |
| Webmin | =1.390 | |
| Webmin | =1.400 | |
| Webmin | =1.410 | |
| Webmin | =1.420 | |
| Webmin | =1.430 | |
| Webmin | =1.440 | |
| Webmin | =1.450 | |
| Webmin | =1.470 | |
| Webmin | =1.480 | |
| Webmin | =1.500 | |
| Webmin | =1.510 | |
| Webmin | =1.520 | |
| Webmin | =1.530 | |
| Webmin | =1.550 | |
| Webmin | =1.560 | |
| Webmin | =1.570 | |
| Webmin | =1.580 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://americaninfosec.com/research/index.html
- http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf
- http://www.kb.cert.org/vuls/id/788478
- http://www.securitytracker.com/id?1027507
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e
Frequently Asked Questions
What is the severity of CVE-2012-2981?
CVE-2012-2981 has a medium severity rating due to its potential to allow remote code execution.
How do I fix CVE-2012-2981?
To mitigate CVE-2012-2981, update Webmin to version 1.600 or later, which addresses the vulnerability.
Who is affected by CVE-2012-2981?
CVE-2012-2981 affects Webmin versions 1.590 and earlier, particularly on Gentoo systems.
What type of attack can exploit CVE-2012-2981?
CVE-2012-2981 can be exploited by authenticated users to execute arbitrary Perl code remotely.
How can I determine if my Webmin installation is vulnerable to CVE-2012-2981?
You can determine vulnerability by checking if your Webmin version is 1.590 or earlier.
- agent/severity
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/type
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/event
- agent/author
- agent/description
- vendor/gentoo
- canonical/webmin
- version/webmin/1.590
- version/webmin/1.140
- version/webmin/1.150
- version/webmin/1.160
- version/webmin/1.170
- version/webmin/1.180
- version/webmin/1.200
- version/webmin/1.210
- version/webmin/1.220
- version/webmin/1.230
- version/webmin/1.240
- version/webmin/1.260
- version/webmin/1.270
- version/webmin/1.280
- version/webmin/1.290
- version/webmin/1.300
- version/webmin/1.310
- version/webmin/1.320
- version/webmin/1.330
- version/webmin/1.340
- version/webmin/1.370
- version/webmin/1.380
- version/webmin/1.390
- version/webmin/1.400
- version/webmin/1.410
- version/webmin/1.420
- version/webmin/1.430
- version/webmin/1.440
- version/webmin/1.450
- version/webmin/1.470
- version/webmin/1.480
- version/webmin/1.500
- version/webmin/1.510
- version/webmin/1.520
- version/webmin/1.530
- version/webmin/1.550
- version/webmin/1.560
- version/webmin/1.570
- version/webmin/1.580