webmin function critical vulnerability cve-2019-15107 (aug 2019)

Preface: The Amazon rainforest is the lungs of the earth. Even humans are stronger than ancient people. But we rely on oxygen to survive. Amazon rainforest fire, do you think we are heading to the edge?

About webmin software: Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. AWS especially lamp stack web app, the basic function on demand to use webmin software.

Vulnerability details: A vulnerability in Webmin could allow an unauthenticated, remote attacker to execute arbitrary commands with root privileges on a targeted system. See the attached drawing for details.

Remark: This vulnerability will be occured when the changing of expired passwords function is enabled. But this function not enabled by default.

Remedy: upgrading to version 1.930 is strongly recommended. Alternately, if running versions 1.900 to 1.920, edit /etc/webmin/miniserv.conf, remove the passwd_mode= line, then run /etc/webmin/restart.