CVE-2012-2982
First published: Tue Sep 11 2012(Updated: )
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin | <=1.590 | |
| Webmin | =1.140 | |
| Webmin | =1.150 | |
| Webmin | =1.160 | |
| Webmin | =1.170 | |
| Webmin | =1.180 | |
| Webmin | =1.200 | |
| Webmin | =1.210 | |
| Webmin | =1.220 | |
| Webmin | =1.230 | |
| Webmin | =1.240 | |
| Webmin | =1.260 | |
| Webmin | =1.270 | |
| Webmin | =1.280 | |
| Webmin | =1.290 | |
| Webmin | =1.300 | |
| Webmin | =1.310 | |
| Webmin | =1.320 | |
| Webmin | =1.330 | |
| Webmin | =1.340 | |
| Webmin | =1.370 | |
| Webmin | =1.380 | |
| Webmin | =1.390 | |
| Webmin | =1.400 | |
| Webmin | =1.410 | |
| Webmin | =1.420 | |
| Webmin | =1.430 | |
| Webmin | =1.440 | |
| Webmin | =1.450 | |
| Webmin | =1.470 | |
| Webmin | =1.480 | |
| Webmin | =1.500 | |
| Webmin | =1.510 | |
| Webmin | =1.520 | |
| Webmin | =1.530 | |
| Webmin | =1.550 | |
| Webmin | =1.560 | |
| Webmin | =1.570 | |
| Webmin | =1.580 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://americaninfosec.com/research/index.html
- http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
- http://www.kb.cert.org/vuls/id/788478
- http://www.securitytracker.com/id?1027507
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213
Frequently Asked Questions
What is the severity of CVE-2012-2982?
CVE-2012-2982 has a medium severity rating as it allows remote authenticated users to execute arbitrary commands.
How do I fix CVE-2012-2982?
To fix CVE-2012-2982, upgrade to Webmin version 1.590 or later to eliminate the vulnerability.
Who is affected by CVE-2012-2982?
CVE-2012-2982 affects all versions of Webmin up to and including 1.590.
What type of vulnerability is CVE-2012-2982?
CVE-2012-2982 is a command injection vulnerability due to improper handling of input in file/show.cgi.
Can CVE-2012-2982 be exploited remotely?
Yes, CVE-2012-2982 can be exploited remotely by authenticated users.
- agent/severity
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/event
- agent/author
- agent/type
- vendor/gentoo
- canonical/webmin
- version/webmin/1.590
- version/webmin/1.140
- version/webmin/1.150
- version/webmin/1.160
- version/webmin/1.170
- version/webmin/1.180
- version/webmin/1.200
- version/webmin/1.210
- version/webmin/1.220
- version/webmin/1.230
- version/webmin/1.240
- version/webmin/1.260
- version/webmin/1.270
- version/webmin/1.280
- version/webmin/1.290
- version/webmin/1.300
- version/webmin/1.310
- version/webmin/1.320
- version/webmin/1.330
- version/webmin/1.340
- version/webmin/1.370
- version/webmin/1.380
- version/webmin/1.390
- version/webmin/1.400
- version/webmin/1.410
- version/webmin/1.420
- version/webmin/1.430
- version/webmin/1.440
- version/webmin/1.450
- version/webmin/1.470
- version/webmin/1.480
- version/webmin/1.500
- version/webmin/1.510
- version/webmin/1.520
- version/webmin/1.530
- version/webmin/1.550
- version/webmin/1.560
- version/webmin/1.570
- version/webmin/1.580