The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Usermin | Usermin | 1.000 | 1.000 |
Usermin | Usermin | 1.010 | 1.010 |
Usermin | Usermin | 1.020 | 1.020 |
Usermin | Usermin | 1.030 | 1.030 |
Usermin | Usermin | 1.040 | 1.040 |
Usermin | Usermin | 1.051 | 1.051 |
Usermin | Usermin | 1.060 | 1.060 |
Usermin | Usermin | 1.070 | 1.070 |
Usermin | Usermin | 1.080 | 1.080 |
Webmin | Webmin | 1.0.00 | 1.0.00 |
Webmin | Webmin | 1.0.20 | 1.0.20 |
Webmin | Webmin | 1.0.50 | 1.0.50 |
Webmin | Webmin | 1.0.60 | 1.0.60 |
Webmin | Webmin | 1.0.70 | 1.0.70 |
Webmin | Webmin | 1.0.80 | 1.0.80 |
Webmin | Webmin | 1.0.90 | 1.0.90 |
Webmin | Webmin | 1.1.00 | 1.1.00 |
Webmin | Webmin | 1.1.10 | 1.1.10 |
Webmin | Webmin | 1.1.21 | 1.1.21 |
Webmin | Webmin | 1.1.30 | 1.1.30 |
Webmin | Webmin | 1.1.40 | 1.1.40 |
Webmin | Webmin | 1.1.50 | 1.1.50 |