[VIM] Webmin traversal - changelog
Steven M. Christey
coley at linus.mitre.org
Fri Jun 30 16:52:01 EDT 2006
On Fri, 30 Jun 2006, security curmudgeon wrote:
> Version 1.290 (29 June 2006)
> Fixed a security hole that would allow a remote attacker to view any file
> on the system.
>
> Version 1.280 (16 June 2006)
> Fixed a security hole that allows remote viewing of any file on the system
> when Webmin is run on a Windows server.
The 1.280 fix is associated with CVE-2006-3274, which SNS stated was a "\"
directory traversal issue, so it was probably Windows-specific.
So, I'd suspect a variant or brand-new issue, as opposed to a bad patch.
- Steve
More information about the VIM
mailing list