GEN:SID 1:2202
Message WEB-CGI edit_action.cgi access
Summary This event is generated when an attempt is made to access edit_action.cgi on an internal web server. This may indicate an attempt to exploit a directory traversal vulnerability in Webmin 0.91.
Impact Information gathering, possible execution of system utilities to which Webmin has rights.
Detailed Information Webmin is a web-based system administration tool for Linux and UNIX-based operating systems. A malicious user could use directory traversal techniques within an argument sent to the edit_action.cgi script in order to view hidden files on the server or execute programs to which Webmin has security privileges.
Affected Systems Systems running Webmin 0.91.
Attack Scenarios An attacker creates a specially crafted edit_action.cgi URL and transmits it to a vulnerable server. The attacker can then view or execute any arbitrary file named in the parameter, provided that Webmin has rights to access it.
Ease of Attack Simple. A proof of concept exists.
Corrective Action Upgrade to Webmin 0.92 or higher.
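The following is an added log-review example, not part of the Snort signature documentation or of Webmin itself. It replays the logic of this event over web server access log lines: any request for edit_action.cgi is reported (as the rule does), and the query string is then percent-decoded and checked for a directory-traversal sequence so that plain use of the script can be told apart from a traversal attempt. The log lines are constructed, the common log format is assumed, and the parameter name "file" is a hypothetical choice; the rule text does not name the argument.

```python
# Added example, not the Snort rule or Webmin code. Reviews constructed
# access log lines for requests to edit_action.cgi and classifies them.
import re
from urllib.parse import unquote, urlsplit

# Constructed common-log-format lines for illustration only; the "file"
# parameter name is hypothetical.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2002:10:00:01 +0000] "GET /index.cgi HTTP/1.0" 200 512
10.0.0.5 - - [12/Jan/2002:10:00:02 +0000] "GET /edit_action.cgi?file=../../../../etc/passwd HTTP/1.0" 200 1024
10.0.0.9 - - [12/Jan/2002:10:00:03 +0000] "GET /edit_action.cgi?file=%2e%2e%2f%2e%2e%2fetc%2fhosts HTTP/1.0" 200 1024
10.0.0.7 - - [12/Jan/2002:10:00:04 +0000] "GET /edit_action.cgi?file=motd HTTP/1.0" 200 256
"""

# Request line inside the quoted part of a common-log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/\d\.\d"')
# "../" or "..\" anywhere in the decoded query string.
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')


def decode_repeatedly(text, rounds=3):
    """Percent-decode until the string stops changing (bounded), so that
    nested encodings such as %252e are handled as well as single %2e."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(line):
    """Return 'benign', 'access' (edit_action.cgi requested, no traversal)
    or 'traversal' (edit_action.cgi requested with a ../ sequence)."""
    match = REQUEST_RE.search(line)
    if not match:
        return "benign"
    parts = urlsplit(match.group("uri"))
    if not parts.path.lower().endswith("/edit_action.cgi"):
        return "benign"
    # The signature fires on any access to the script; inspecting the
    # decoded query separates ordinary use from a traversal attempt.
    if TRAVERSAL_RE.search(decode_repeatedly(parts.query)):
        return "traversal"
    return "access"


def review(log_text):
    """Return (client_ip, verdict, uri) for every non-benign request."""
    findings = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict == "benign":
            continue
        client_ip = line.split(" ", 1)[0]
        uri = REQUEST_RE.search(line).group("uri")
        findings.append((client_ip, verdict, uri))
    return findings


if __name__ == "__main__":
    for client_ip, verdict, uri in review(SAMPLE_LOG):
        print(f"{verdict:9s} {client_ip:12s} {uri}")
```

An 'access' verdict on its own is not evidence of an attack; on a host that legitimately runs Webmin it is normal traffic, which is why the decoded query is checked before a line is called a traversal. Bounded repeated decoding is used because a single `unquote` misses double-encoded sequences, while unbounded decoding could loop on pathological input.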
Additional References Bugtraq
http://www.securityfocus.com/bid/3698
Rule References bugtraq: 3698
bugtraq: 4579
cve: 2001-1196
nessus: 11748