[VIM] Webmin traversal - changelog

Steven M. Christey coley at linus.mitre.org
Fri Jun 30 16:52:01 EDT 2006


On Fri, 30 Jun 2006, security curmudgeon wrote:

> Version 1.290 (29 June 2006)
> Fixed a security hole that would allow a remote attacker to view any file
> on the system.
>
> Version 1.280 (16 June 2006)
> Fixed a security hole that allows remote viewing of any file on the system
> when Webmin is run on a Windows server.

The 1.280 fix is associated with CVE-2006-3274, which SNS stated was a "\"
directory traversal issue, so it was probably Windows-specific.

So, I'd suspect a variant or brand-new issue, as opposed to a bad patch.

- Steve


More information about the VIM mailing list