[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#271590: webmin security hole.

On Tue, 14 Sep 2004, Andy Baxter wrote:

> I just found out that this attack (using a local document) only works because
> webmin has 'allow unknown referers' set by default in the 'trusted referers'
> section of the webmin config. With this turned off, the attack doesn't work
> at all, so maybe it should be set that way by default?

Thanks to Debians' email server imploding I only just got this.  I'll add
it to the next update.

Jaldhar H. Vyas <jaldhar@debian.org>
La Salle Debain - http://www.braincells.com/debian/

Reply to: