Security Information and Review

Collection of security information and review

Virtualmin Multiple Vulnerabilities

Author : Admin

Virtualmin is one of the best-known web hosting management panels (web server control panels), built on Webmin. It offers a wide array of productivity-enhancing tools for hosting providers, web developers, web designers and end users. With Virtualmin, we can manage our virtual domains, mailboxes, databases, applications and the entire server's resources from one comprehensive interface.

On July 14, 2009, Filip Palian disclosed multiple vulnerabilities in Virtualmin: unprivileged port use, cross-site scripting (XSS), an anonymous proxy, information disclosure and symlink attacks.

The first vulnerability is unprivileged port use. Like Webmin, Virtualmin listens by default on port 10000, a port above 1023 that any local account can bind without root privileges. A regular user is therefore able to run their own service or daemon on that port and prevent Virtualmin from starting.

The second vulnerability is cross-site scripting (XSS). As with other XSS issues, Virtualmin does not validate or sanitize input data correctly in several scripts. With this vulnerability, an attacker can conduct XSS and CSRF attacks. For example, the URLs below show how an attacker could exploit Virtualmin.

https://127.0.0.1:10000/left.cgi?mode=ea&dom='><script>alert(document.cookie);</script>
https://127.0.0.1:10000/virtual-server/link.cgi/%3Ci%3E%3Cscript%3Ealert(document.cookie);%3/script%3E

The third vulnerability: an attacker can use the “Preview Website” feature to hide their real location and conduct attacks on other servers on the internet. In other words, an attacker can turn Virtualmin into an anonymous (open) proxy. See the sample below for details.

https://127.0.0.1:10000/virtual-server/link.cgi/67.228.198.99/http://www.virtualmin.com/

The fourth vulnerability: an attacker can view and copy any file on the server because of a system call in the MySQL module. This makes it possible to read any file on the server, since Virtualmin does not require root privileges to perform some of these actions. For example, see the following script.

The fifth vulnerability: several Virtualmin modules allow an attacker to carry out a successful symlink attack, which may lead to a full compromise of the server. Some actions in Virtualmin could be used to let users read root-owned files: a virtual server owner plants symbolic links and then asks the root-level user to perform some seemingly harmless action in the Virtualmin GUI.
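As an added defensive illustration (not code from the advisory or from Virtualmin itself), the Python below shows the pattern a privileged process should follow before acting on a path inside a user's directory: open it without following a final symlink and confirm the file's owner. The directory and file names are constructed for the demo, and the script assumes a POSIX system.

```python
import errno
import os
import stat
import tempfile
from pathlib import Path

class UnsafePathError(Exception):
    """A privileged process must refuse to act on this user-supplied path."""

def open_user_file(path, owner_uid):
    """Read `path` without following a final symlink and verify its owner (POSIX):
    a root process must not follow links a virtual-server owner planted."""
    # O_NOFOLLOW makes open() fail with ELOOP if the last component is a symlink, so
    # check and open are one atomic step; intermediate components still need openat().
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            raise UnsafePathError("refusing symlink: %s" % path) from exc
        raise
    try:
        st = os.fstat(fd)  # inspect the file actually opened, not the path string
        if not stat.S_ISREG(st.st_mode):
            raise UnsafePathError("not a regular file: %s" % path)
        if st.st_uid != owner_uid:
            raise UnsafePathError("uid %d is not owner %d: %s" % (st.st_uid, owner_uid, path))
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:  # the file object now owns and closes fd
        return f.read()

def demo():
    """Constructed scenario (hypothetical paths): a real file plus a planted symlink."""
    base = Path(tempfile.mkdtemp())
    secret = base / "outside_secret"  # stands in for a root-owned file
    secret.write_bytes(b"top secret")
    owner_dir = base / "owner"
    owner_dir.mkdir()
    (owner_dir / "logo.png").write_bytes(b"PNG-data")
    (owner_dir / "planted.png").symlink_to(secret)
    uid = os.getuid()
    results = {"real": open_user_file(str(owner_dir / "logo.png"), uid)}
    try:
        open_user_file(str(owner_dir / "planted.png"), uid)
        results["link"] = "read"  # would mean the check failed
    except UnsafePathError:
        results["link"] = "refused"
    return results
```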

Detailed information about these vulnerabilities can be found on Milw0rm and on the Virtualmin site. The vendor has provided updates and fixes for all the vulnerabilities described above. All Virtualmin users are strongly advised to upgrade immediately.

Mohamad Widodo

Categories: Application Security
If you like this post, please leave a message or comment.