We have been made aware of a remote exploit in Webmin 1.920 (latest) that would allow users to run arbitrary commands.

The function that is being exploited is related to the user password change feature, which appears to be enabled by default. It is recommended that you disable that function and also temporarily disable password_change.cgi at the file system level until a patch has been released.

Please monitor the change log for updates:

http://www.webmin.com/changes.html

At the time of writing this, no patch has been issued to our knowledge!

============================================================

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119

1-855-RACK911

============================================================
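
The mitigation recommended above, as an added shell example that is not part of the original advisory or of Webmin itself. It assumes miniserv.conf (by default /etc/webmin/miniserv.conf) holds `root=<install dir>` and `passwd_mode=<n>`, with 2 meaning the expired-password change prompt is on; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and temporarily disable Webmin's password_change.cgi.
# Assumptions (not from the advisory): miniserv.conf holds "root=<install dir>"
# and "passwd_mode=<n>", with 2 meaning expired-password change is enabled.

# Print the value of KEY ($2) from a key=value file ($1); last occurrence wins.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 if the password change prompt is enabled in miniserv.conf ($1).
password_change_enabled() {
    [ "$(conf_get "$1" passwd_mode)" = "2" ]
}

# Remove all permissions from password_change.cgi under the Webmin root ($1).
# Prints the path on success; returns 1 if missing, 2 if chmod failed.
disable_password_change_cgi() {
    cgi="$1/password_change.cgi"
    [ -f "$cgi" ] || return 1
    chmod 000 "$cgi" || return 2
    printf '%s\n' "$cgi"
}

# Mitigate one install; the config path defaults to the usual location.
mitigate_webmin() {
    conf="${1:-/etc/webmin/miniserv.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    root="$(conf_get "$conf" root)"
    [ -n "$root" ] || { echo "no root= in $conf" >&2; return 1; }
    if password_change_enabled "$conf"; then
        echo "passwd_mode=2: password change prompt is ENABLED, turn it off" >&2
    fi
    disable_password_change_cgi "$root" || {
        echo "password_change.cgi not disabled under $root" >&2; return 1; }
}
```

Source the file and run `mitigate_webmin` as root, optionally passing the path to miniserv.conf; restore the file's permissions once a patched release is installed.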