Bug#271590: webmin security hole.
On Tue, 14 Sep 2004, Andy Baxter wrote:
> I just found out that this attack (using a local document) only works because
> webmin has 'allow unknown referers' set by default in the 'trusted referers'
> section of the webmin config. With this turned off, the attack doesn't work
> at all, so maybe it should be set that way by default?
>
Thanks to Debians' email server imploding I only just got this. I'll add
it to the next update.
--
Jaldhar H. Vyas <jaldhar@debian.org>
La Salle Debain - http://www.braincells.com/debian/
Reply to: