By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The bug in Usermin, a widely used administration console for Unix and Linux, could allow the introduction of rogue shell code when a user views a particular e-mail via the web. The attacking code would assume the privileges of the Usermin administrator.
Usermin lets users administer their own accounts on a network via a web-based interface and lets them carry out functions such as reading e-mail online.
In its advisory, Secunia gave the vulnerability a "highly critical" rating - its second most severe category.
Also affected is Webmin, a system administration tool that ships with Linux distributions such as Suse, Mandrake and Gentoo. Webmin contains Usermin functions, including the vulnerable web mail feature, Secunia said.