[CCID News] Usermin is a widely used management platform in Unix and Linux. On September 14, according to some security researchers, a vulnerability is found in the platform, which enables hackers to pass specially email Run malicious code.
Usermin allows UNIX and Linux users to manage their accounts on the web through the web interface, such as reading email, etc.. This tool is generally not included in UNIX or Linux products, but is often used with WebMin. Webmin is the most popular system management tool, launched together with Linux products such as SUSE, MANDRAKE, GENTOO. Some researchers said that although this independent vulnerability is not too serious, it has an impact on Webmin and Usermin.
The vulnerability exists in the email function of Usermin, which enables hackers into the malicious code in specially prepared emails and makes the code remotely.
According to the Chief Technology Officer of Danish Safety, Thomaskristensen said: "Some emails cannot be properly validated when using Usermin, and can use the vulnerability by sending malicious emails to usermin users." Secunia ranked the vulnerability as "high danger" Level, second dangerous grade.
The user is recommended to upgrade to the latest UserMin and Webmin version.
