Welcome, Guest
Please Login or Register.
Lost Password?
Virtualmin Forum English News
Immediate update of Webmin and Usermin strongly recommended (1 viewing)
Post Reply

TOPIC: Immediate update of Webmin and Usermin strongly recommended
#2548
Joe (Admin)
Posts: 4084
graph
Immediate update of Webmin and Usermin strongly recommended 2006/08/17 16:16  
Hi all,

If you haven't been regularly updating your system using yum, urpmi, or yast, I strongly recommend you update your Webmin and Usermin packages immediately. A local file access exploit exists for all versions of Webmin and Usermin prior to 1.290 and 1.220, respectively, which would allow an attacker to gain access to the shadow password file. This, in itself, would not reveal passwords, but a brute force attack on the encrypted passwords contained within is made remarkably easier and faster with access to the file.

The updates to correct this issue have been in the repository since June 28th, but it's not always easy to remember to update regularly, and at least one user has experienced an account compromise due to this exploit combined with a weak password.

To upgrade on Red Hat based systems:

yum update webmin usermin

On SUSE systems:

yast -i webmin usermin

And on Mandriva systems:

urpmi webmin usermin

Please let us know of any problems, by filing a bug in the bug tracker.
  The topic has been locked.
Post Reply
get the latest posts directly to your desktop

Learn

About
Documentation
FAQ
Compare

Talk and Get Help

Support
Forums
Bugs and Issues

See It In Action

Screenshots
Video Introduction
Demo

Get Virtualmin

OS Support
Buy Online
Download
 Copyright 2005-2007 Virtualmin, Inc. All rights reserved.