Flaw found in Unix/Linux admin tool


Flaw found in Unix/Linux admin tool

Arif Mohamed
A flaw in two popular Unix and Linux administration consoles could lead to systems being compromised, according to an alert from security firm Secunia.

The bug in Usermin, a widely used administration console for Unix and Linux, could allow the introduction of rogue shell code when a user views a particular e-mail via the web. The attacking code would assume the privileges of the Usermin administrator.

Usermin lets users administer their own accounts on a network via a web-based interface and lets them carry out functions such as reading e-mail online.

In its advisory, Secunia gave the vulnerability a "highly critical" rating - its second most severe category.

Also affected is Webmin, a system administration tool that ships with Linux distributions such as Suse, Mandrake and Gentoo. Webmin contains Usermin functions, including the vulnerable web mail feature, Secunia said.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy