Flaw found in Unix/Linux admin tool

A flaw in two popular Unix and Linux administration consoles could lead to systems being compromised, according to an alert from...

Arif Mohamed
Published: 20 Sep 2004 17:08

A flaw in two popular Unix and Linux administration consoles could lead to systems being compromised, according to an alert from security firm Secunia.

The bug in Usermin, a widely used administration console for Unix and Linux, could allow the introduction of rogue shell code when a user views a particular e-mail via the web. The attacking code would assume the privileges of the Usermin administrator.

Usermin lets users administer their own accounts on a network via a web-based interface and lets them carry out functions such as reading e-mail online.

In its advisory, Secunia gave the vulnerability a "highly critical" rating - its second most severe category.

Also affected is Webmin, a system administration tool that ships with Linux distributions such as Suse, Mandrake and Gentoo. Webmin contains Usermin functions, including the vulnerable web mail feature, Secunia said.

Read more on Antivirus, firewall and IDS products

All
News
In Depth
Opinion
Photo Stories
Videos

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Home Depot CIO promotes in-house tech boot camp

For companies having trouble finding qualified IT professionals to hire, the solution may be closer than you think. Just ask Home...
CIO presentation to the board of directors: Candid tips from CIOs

Board presentations can be scary. The good news is CIOs can't go too wrong in a climate where boards are desperate to learn about...
Edge computing use cases must be driven by business value

For Schneider Electric and many other large enterprises that take a look at edge computing projects, the main criterion for ...

SearchSecurity

How to encrypt and secure a website using HTTPS

The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and...
Cybersecurity frameworks hold key to solid security strategy

Cybersecurity frameworks take work, but they help organizations clarify their security strategies. If you don't have one, here's ...
How to use Metasploit commands and exploits for penetration tests

These step-by-step instructions demonstrate how to use Metasploit for enterprise vulnerability and penetration testing.

SearchNetworking

Cisco CCNA practice test: Try these 20 exam questions

Use this CCNA practice test as study material to prepare for the Cisco CCNA Routing and Switching 200-125 exam. With 20 questions...
The evolution of SDN and its role in networking

Has SDN run its course, or has the architecture simply evolved? In many current products, data centers and cloud environments, ...
Wi-Fi Certified 6 launches new era for wireless connectivity

The Wi-Fi 6 wireless standard is now ready for deployment, thanks to the debut of a certification effort that helps guarantee ...

SearchDataCenter

New Dell EPYC servers embrace AMD Rome chips

Dell EMC goes from Naples to Rome with a new line of EPYC servers, including Ready Solutions for high-performance computing and ...
Can next-gen SIEM help cybersecurity initiatives?

More organizations are using SIEM, AI and cloud technology to minimize security breaches. Though despite interest, this ...
IBM z15 mainframe secures data across multi-cloud environments

IBM unveiled the latest in its line of mainframes capable of processing 1 trillion web transactions a day. The IBM z15 ...

SearchDataManagement

Dremio Data Lake Engine 4.0 accelerates query performance

Dremio issues a new platform update, defining itself as data lake engine technology that looks to help users connect and query ...
Weighing the use of third-party database administration tools

Database expert Chris Foot details the key reasons why DBAs should consider using third-party database administration to fill ...
InfluxDB Cloud 2.0 expands open source time series database

While the core open source InfluxDB 2.0 project is still in alpha, InfluxData has advanced its cloud service to support new ...

Close