webmin
Webmin SourceForge mirror distributes backdoor (2006)
A compromised SourceForge mirror distributed a modified Webmin 1.290 archive. The tampered release carried a backdoor in /usr/libexec/webmin/openiscsi/edit_args.cgi, allowing crafted HTTP requests to reach remote command execution as root through software that administrators had downloaded from a trusted public mirror.
- Date: 2006-08-10 to 2006-08-13
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Compromised Infrastructure
What Was Affected
- Package: webmin
- Language: Perl
- Component: Daemon
- Artifact type: source archive
- Domain type: package host
- Domain: sourceforge.net
Compromised Versions
- 1.29
Incident Context
- Motive: Unauthorized Access/Control
- Attribution: Individual Hacker
- Observed Duration: 3 days
Evidence
Compromised Artifacts
- sourceforge.net/projects/webadmin/files/webmin/1.290/webmin-1.290.tar.gz/download
- nchc.dl.sourceforge.net/project/webadmin/webmin/1.290/webmin-1.290.tar.gz
Current Artifacts and Analysis
Indicators and Changes
Hashes
- md5: 4586a745fe837e1b21a1d2f56bb5a81d
- sha1: aa60916d5632e4adaac5b0fa01fb6a9b35f15cd6
Source Data
Source record: oss/webmin/2006/meta.yaml