A backdoor has been found in Webmin that allows remote access with root privileges.

A backdoor (CVE-2019-15107) has been identified in the Webmin package, which provides tools for remote server management. It was present in the official builds distributed through Sourceforge and recommended on the main site. The backdoor was present in builds from 1.882 through 1.921 inclusive (the git repository contained no code with the backdoor) and allows shell commands to be executed remotely, without authentication, with root privileges on the system.

For an attack, it is enough that a network port with Webmin is open and that the function for changing expired passwords is active in the web interface (enabled by default in the 1.890 builds, but disabled in other versions). The problem is fixed in update 1.930. As a temporary measure to block the backdoor, simply remove the "passwd_mode=" setting from the /etc/webmin/miniserv.conf configuration file. An exploit prototype has been prepared for testing.
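The following audit helper is an added example, not code from the article or from the Webmin project. It applies the build range and the "passwd_mode=" mitigation described above to a host's version string and miniserv.conf contents. Reading the installed version from /etc/webmin/version is an assumption, and the function names and status labels are illustrative.

```python
import re

# Affected build range and fixed release, as stated in the article.
FIRST_BAD, LAST_BAD, FIXED = (1, 882), (1, 921), (1, 930)


def parse_version(text):
    """Turn '1.890' into (1, 890) so versions compare numerically."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))


def passwd_mode_lines(conf_text):
    """Return (line_no, value) for every active passwd_mode= line."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):  # assumption: '#' marks a disabled line
            continue
        key, sep, value = stripped.partition("=")
        if sep and key.strip() == "passwd_mode":
            hits.append((no, value.strip()))
    return hits


def assess(version_text, conf_text):
    """Classify a host from its Webmin version and miniserv.conf contents."""
    version = parse_version(version_text)
    in_range = FIRST_BAD <= version <= LAST_BAD
    hits = passwd_mode_lines(conf_text)
    if in_range and hits:
        status = "AT_RISK"       # listed build, passwd_mode setting still present
    elif in_range:
        status = "MITIGATED"     # listed build, setting removed; upgrade anyway
    elif version >= FIXED:
        status = "FIXED"
    else:
        status = "OUT_OF_RANGE"  # older than the builds the article lists
    return {"status": status, "version": version, "passwd_mode": hits}


if __name__ == "__main__":
    sample = "port=10000\nssl=1\npasswd_mode=2\n"  # constructed sample config
    print(assess("1.890", sample))
```

A host reported as MITIGATED still runs a build from the compromised archives and should be moved to 1.930 or later.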

The problem was found in the password_change.cgi script, where the unix_crypt function is used to check the old password entered in the web form, and the password received from the user is passed to it without escaping special characters. In the git repository this function is a wrapper around the Crypt::UnixCrypt module and is not dangerous, but the archives supplied on the Sourceforge site call code that accesses /etc/shadow directly, and does so using a shell construct. To attack, it is enough to enter the "|" character in the old password field, and the code following it will be executed with root privileges on the server.

According to the Webmin developers, the malicious code was inserted as a result of a compromise of the project's infrastructure. Details have not yet been provided, so it is not clear whether the hack was limited to taking control of the Sourceforge account or also affected other elements of Webmin's development and build infrastructure. The malicious code has been present in the archives since March 2018. The problem also affected Usermin builds. At present, all download archives have been rebuilt from Git.

Source: opennet.ru
