FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

webmin -- insecure temporary file creation at installation time

Affected packages
webmin < 1.150_5


VuXML ID ae7b7f65-05c7-11d9-b45d-000c41e2cdad
Discovery 2004-09-05
Entry 2004-09-14
Modified 2004-09-15

The Webmin developers documented a security issue in the release notes for version 1.160:

Fixed a security hole in the script, used to create the /tmp/.webmin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a symbolic link pointing to a critical file on the system, which would be overwritten when Webmin writes to the link filename.


CVE Name CVE-2004-0559
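
The fix pattern for this class of issue, as an added example (not Webmin's code and not part of the VuXML entry): an install script should never reuse a fixed-name directory that already exists under a world-writable parent such as /tmp, and should instead create its work directory atomically. The function names and the sample file names used with them are hypothetical.

```shell
#!/bin/sh
# Added example (not Webmin's code): creating an installer work directory
# under a world-writable parent without trusting anything already there.
# Function names are hypothetical.

# classify_path PATH -> prints what currently sits at PATH, for logging.
classify_path() {
    if [ -L "$1" ]; then echo symlink
    elif [ -d "$1" ]; then echo directory
    elif [ -e "$1" ]; then echo other
    else echo absent
    fi
}

# make_work_dir PARENT NAME -> prints the path of a fresh private directory.
# Never reuses an existing PARENT/NAME: a directory created earlier by
# another user may already hold symbolic links to files the installer
# would then overwrite.
make_work_dir() {
    parent=$1
    name=$2
    # mkdir creates atomically and fails if any name already exists at the
    # path (file, directory or symlink), so there is no check-then-use gap.
    if mkdir -m 700 "$parent/$name" 2>/dev/null; then
        echo "$parent/$name"
        return 0
    fi
    kind=$(classify_path "$parent/$name")
    echo "warning: $parent/$name pre-exists ($kind); not reusing it" >&2
    # Fall back to an unpredictable name, also created atomically, mode 0700.
    mktemp -d "$parent/$name.XXXXXX"
}
```

The warning on stderr doubles as a detection signal: a pre-existing work directory at install time is worth investigating before continuing.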