Dear Planet Earth: Patch Webmin now – zero-day exploit emerges for potential hijack hole in server control panel

Dear Planet Earth: Patch Webmin now – zero-day exploit emerges for potential hijack hole in server control panel

Flawed code traced to home build system, vulnerability can be attacked in certain configs


The maintainers of Webmin – an open-source application for system administration tasks on Unix-flavored systems – have released Webmin version 1.930 and the related Usermin version 1.780 to patch a vulnerability that can be exploited to achieve remote code execution in certain configurations.


Joe Cooper, one of the contributing developers, announced the patch in a blog post over the weekend.


"This release addresses CVE-2019-15107, which was disclosed earlier today," Cooper said. "We received no advance notification of it, which is unusual and unethical on the part of the researcher who discovered it. But, ..