The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Usermin | Usermin | 1.000 (including) | 1.000 (including) |
| Usermin | Usermin | 1.010 (including) | 1.010 (including) |
| Usermin | Usermin | 1.020 (including) | 1.020 (including) |
| Usermin | Usermin | 1.030 (including) | 1.030 (including) |
| Usermin | Usermin | 1.040 (including) | 1.040 (including) |
| Usermin | Usermin | 1.051 (including) | 1.051 (including) |
| Usermin | Usermin | 1.060 (including) | 1.060 (including) |
| Usermin | Usermin | 1.070 (including) | 1.070 (including) |
| Usermin | Usermin | 1.080 (including) | 1.080 (including) |
| Webmin | Webmin | 1.0.00 (including) | 1.0.00 (including) |
| Webmin | Webmin | 1.0.20 (including) | 1.0.20 (including) |
| Webmin | Webmin | 1.0.50 (including) | 1.0.50 (including) |
| Webmin | Webmin | 1.0.60 (including) | 1.0.60 (including) |
| Webmin | Webmin | 1.0.70 (including) | 1.0.70 (including) |
| Webmin | Webmin | 1.0.80 (including) | 1.0.80 (including) |
| Webmin | Webmin | 1.0.90 (including) | 1.0.90 (including) |
| Webmin | Webmin | 1.1.00 (including) | 1.1.00 (including) |
| Webmin | Webmin | 1.1.10 (including) | 1.1.10 (including) |
| Webmin | Webmin | 1.1.21 (including) | 1.1.21 (including) |
| Webmin | Webmin | 1.1.30 (including) | 1.1.30 (including) |
| Webmin | Webmin | 1.1.40 (including) | 1.1.40 (including) |
| Webmin | Webmin | 1.1.50 (including) | 1.1.50 (including) |