The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
Software | From | Fixed in |
---|---|---|
mandrakesoft / mandrake_linux | 10.0 | 10.0.x |
mandrakesoft / mandrake_linux | 9.2 | 9.2.x |
webmin / webmin | 1.0.00 | 1.0.00.x |
webmin / webmin | 1.0.20 | 1.0.20.x |
webmin / webmin | 1.0.50 | 1.0.50.x |
webmin / webmin | 1.0.60 | 1.0.60.x |
webmin / webmin | 1.0.70 | 1.0.70.x |
webmin / webmin | 1.0.80 | 1.0.80.x |
webmin / webmin | 1.0.90 | 1.0.90.x |
webmin / webmin | 1.1.00 | 1.1.00.x |
webmin / webmin | 1.1.10 | 1.1.10.x |
webmin / webmin | 1.1.21 | 1.1.21.x |
webmin / webmin | 1.1.30 | 1.1.30.x |
webmin / webmin | 1.1.40 | 1.1.40.x |
webmin / webmin | 1.1.50 | 1.1.50.x |
mandrakesoft / mandrake_linux_corporate_server | 2.1 | 2.1.x |
usermin / usermin | 1.000 | 1.000.x |
usermin / usermin | 1.010 | 1.010.x |
usermin / usermin | 1.020 | 1.020.x |
usermin / usermin | 1.030 | 1.030.x |
usermin / usermin | 1.040 | 1.040.x |
usermin / usermin | 1.051 | 1.051.x |
usermin / usermin | 1.060 | 1.060.x |
usermin / usermin | 1.070 | 1.070.x |
usermin / usermin | 1.080 | 1.080.x |