On Sat, Apr 23, 2011 at 06:11:12PM -0700, Jamie Cameron wrote: > Hi Javier, > > Thanks for reporting this - I hadn't considered this attack > vector, as I didn't realize that chfn could be used to modify a user's > real name. > > I have created a fix which you can see at : > > https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881 > > Also an update for the Users and Groups module can be found at > http://www.webmin.com/updates.html , and will be available from within > the Webmin UI. > > - Jamie
In what Webmin-release this will be fixed? Do you have CVE-identifier for this yet? Best regards, Henri Salo _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
