1. Home
  2. Web App Vulnerabilities
  3. How to remediate – Webmin 1.840 / 1.880 Local File Inclusion Vulnerability
Searching...

How to remediate – Webmin 1.840 / 1.880 Local File Inclusion Vulnerability

Contents

1. Introduction

Webmin 1.840 and 1.888 are affected by a local file inclusion vulnerability. This means an attacker could potentially read arbitrary files on the server, leading to information disclosure. Systems running these versions of Webmin that are accessible from the internet or trusted networks are at risk. A successful exploit could compromise confidentiality, integrity, and availability of data.

2. Technical Explanation

The vulnerability occurs because Webmin does not properly sanitise user-supplied input when handling file paths. This allows an attacker to manipulate the path used to include files, potentially reading sensitive system files or configuration details. The vulnerability is tracked as CVE-2018-8712.

  • Root cause: Insufficient input validation on file paths within Webmin’s functionality.
  • Exploit mechanism: An attacker can craft a malicious request that includes a path to a sensitive file, bypassing intended access controls. For example, an attacker could use “../../../etc/passwd” in a crafted URL parameter.
  • Scope: Webmin versions 1.840 and 1.880 are affected. Other versions may also be vulnerable; check vendor documentation.

3. Detection and Assessment

You can confirm if your system is vulnerable by checking the installed Webmin version. A thorough assessment involves reviewing Webmin configuration files for insecure settings.

  • Quick checks: Run webmin -v to display the installed version.
  • Scanning: Nessus plugin ID 113689 can detect this vulnerability, but results should be verified manually.
  • Logs and evidence: Check Webmin’s access logs for unusual file requests or attempts to access sensitive files outside of expected directories (typically located in /var/log/webmin).
webmin -v

4. Solution / Remediation Steps

The recommended solution is to update Webmin to the latest version, which includes a fix for this vulnerability.

4.1 Preparation

  • Take a full backup of your system or create a snapshot before making any changes. Stop the Webmin service if possible: systemctl stop webmin.
  • Ensure you have access to the internet to download the latest Webmin package. A roll back plan involves restoring from the backup/snapshot, or reinstalling the previous version if available.

4.2 Implementation

  1. Step 1: Download the latest Webmin package from http://www.webmin.com/changes.html.
  2. Step 2: Remove the existing Webmin installation using your system’s package manager (e.g., apt remove webmin or yum remove webmin).
  3. Step 3: Install the downloaded package using your system’s package manager.
  4. Step 4: Start the Webmin service: systemctl start webmin.

4.3 Config or Code Example

Before

# No specific configuration changes are required, but ensure Webmin is updated to address the vulnerability.  Older versions may have insecure defaults.

After

# Verify the updated version using webmin -v after installation. Ensure no error messages appear during startup.

4.4 Security Practices Relevant to This Vulnerability

Several security practices can help prevent this type of vulnerability.

  • Practice 1: Least privilege – run Webmin with the minimum necessary permissions to reduce the impact if exploited.
  • Practice 2: Input validation – implement strict input validation on all user-supplied data to block malicious characters and paths.

4.5 Automation (Optional)

# Example Ansible task to update Webmin (adapt for your distribution):
# - name: Update Webmin
#   apt:
#     name: webmin
#     state: latest
#   become: true

5. Verification / Validation

Confirm the fix by checking the updated version and attempting a test exploit.

  • Post-fix check: Run webmin -v; the output should show a version newer than 1.880.
  • Re-test: Attempt to access sensitive files using a crafted URL parameter (e.g., through a web browser or curl). The request should be blocked, and no file content should be returned.
  • Smoke test: Verify that you can still log in to the Webmin interface and perform basic administrative tasks.
  • Monitoring: Monitor Webmin’s access logs for any unusual activity or attempts to access sensitive files.
webmin -v

6. Preventive Measures and Monitoring

Regularly update your systems and implement security best practices.

  • Baselines: Update your security baseline to require the latest Webmin version or a patched version.
  • Pipelines: Integrate vulnerability scanning into your CI/CD pipeline to detect known vulnerabilities in dependencies like Webmin.
  • Asset and patch process: Establish a regular patch review cycle for all systems, including Webmin, based on risk assessment.

7. Risks, Side Effects, and Roll Back

Updating Webmin may introduce compatibility issues with existing configurations or plugins.

  • Risk or side effect 2: Service interruption – ensure you have a roll back plan in case of unexpected errors during the update process.
  • Roll back: Restore from your backup/snapshot, or reinstall the previous Webmin version if available.

8. References and Resources

Updated on October 26, 2025

Was this article helpful?

Yes No

Related Articles