[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Portsentry, ipchains and pmfirewall
- Subject: Re: [cobalt-security] Portsentry, ipchains and pmfirewall
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 23 Jan 2002 23:15:15 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Jim,
> why is Webmin considered to be unsafe. I run it under Net::SSLeay
If you allow UDP packets to be received at the webmin port, then it's
possible to pry webmin open and to gain full access. It requires
the attacker to send customly and manually crafted packets and it requires
some patience as it's not a 100% straightforward process.
As far as I know there are no exploit scripts available yet, but I imagine
that's just a matter of time.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer