Advisories MDKSA-2006:125: Updated webmin packages fix arbitray file read vulnerability.

By paul
July 19, 2006 in Mandriva Security Advisories

Share

Recommended Posts

Posted July 19, 2006

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path

function before decoding HTML, which allows remote attackers to read

arbitrary files. NOTE: This is a different issue than CVE-2006-3274.

Updated packages have been patched to correct this issue.

This topic is now closed to further replies.

×

×