FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

webmin -- insecure temporary file creation at installation time

Affected packages
webmin < 1.150_5

Details

VuXML ID ae7b7f65-05c7-11d9-b45d-000c41e2cdad
Discovery 2004-09-05
Entry 2004-09-14
Modified 2004-09-15

The Webmin developers documented a security issue in the release notes for version 1.160:

Fixed a security hole in the maketemp.pl script, used to create the /tmp/.webmin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a symbolic link pointing to a critical file on the system, which would be overwritten when Webmin writes to the link filename.

References

CVE Name CVE-2004-0559
URL http://www.webmin.com/changes-1.160.html