Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200502-12] Webmin: Information leak in Gentoo binary package Vulnerability Scan

Vulnerability Scan Summary
Webmin: Information leak in Gentoo binary package

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200502-12
(Webmin: Information leak in Gentoo binary package)

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered
that the Webmin ebuild contains a design flaw. It imports the encrypted
local root password into the miniserv.users file before building binary
packages that include this file.


A remote attacker could retrieve Portage-built Webmin binary
packages and recover the encrypted root password from the build host.


Users who never built or shared a Webmin binary package are
unaffected by this.

Webmin users should delete any old shared Webmin binary package as
soon as possible. They should also consider their buildhost root
password potentially exposed and follow proper audit procedures.
If you plan to build binary packages, you should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/webmin-1.170-r3"

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.