[SECURITY-L] [oss-security] Webmin UDP/10000 discovery service Loop DoS (COK-2024-05-05)
CSIRT Unicamp
security em unicamp.br
Wednesday September 4 08:38:04 -03 2024
Webmin is a web-based system administration tool for Unix-like servers and
services, with about 1,000,000 yearly installations worldwide.
Webmin/Virtualmin use a UDP service-discovery service, usually listening on
port UDP/10000. This service responds to any UDP request with the IP address
and port on which the control panel is available.
This behavior can be used to implement a Loop DoS attack (CVE-2024-2169
etc.) by sending UDP packets with a spoofed source IP:port taken from another
Webmin instance's IP address, which can lead to an endless traffic exchange
between the hosts, Denial of Service (DoS) and/or abuse of resources.
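Added example, not part of the advisory or of Webmin: detection logic run over constructed flow-log lines that flags the responder-to-responder pattern described above (UDP/10000 as both source and destination port, in both directions, between two hosts), which a legitimate discovery exchange from a client's ephemeral port never produces. The flow-log format and all addresses are assumptions made up for the example.

```python
import re
from collections import defaultdict

# Simplified flow-log format assumed for this example (constructed, not any
# real tool's output):  <time> UDP <src>:<sport> -> <dst>:<dport> <packets>
FLOW_RE = re.compile(
    r"^(?P<time>\S+) UDP (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<pkts>\d+)$"
)

# Constructed sample flows: one responder-to-responder loop (both ends on
# UDP/10000, both directions), one legitimate discovery exchange (ephemeral
# client port <-> 10000), one single-direction probe and one unparsable line.
SAMPLE_FLOWS = """\
12:00:01 UDP 203.0.113.10:10000 -> 198.51.100.20:10000 6
12:00:01 UDP 198.51.100.20:10000 -> 203.0.113.10:10000 6
12:00:02 UDP 192.0.2.5:51234 -> 198.51.100.20:10000 1
12:00:02 UDP 198.51.100.20:10000 -> 192.0.2.5:51234 1
12:00:03 UDP 203.0.113.10:10000 -> 198.51.100.30:10000 1
garbage line
""".splitlines()

def find_loops(lines, service_port=10000, min_packets=10):
    """Return {frozenset({a, b}): packets} for host pairs exchanging UDP
    traffic with service_port as BOTH source and destination port, in BOTH
    directions, totalling at least min_packets.

    A legitimate discovery exchange (client ephemeral port -> 10000, reply
    10000 -> ephemeral port) never matches; a loop between two discovery
    responders does, because each reply is sent from 10000 to 10000.
    """
    pair_pkts = defaultdict(int)    # unordered host pair -> packet count
    directions = defaultdict(set)   # unordered host pair -> {(src, dst)}
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if m is None:
            continue                # ignore lines that do not parse
        if int(m["sport"]) != service_port or int(m["dport"]) != service_port:
            continue                # not responder-to-responder traffic
        pair = frozenset((m["src"], m["dst"]))
        pair_pkts[pair] += int(m["pkts"])
        directions[pair].add((m["src"], m["dst"]))
    return {pair: pkts for pair, pkts in pair_pkts.items()
            if len(directions[pair]) == 2 and pkts >= min_packets}

if __name__ == "__main__":
    for pair, pkts in find_loops(SAMPLE_FLOWS).items():
        print(f"possible UDP/10000 loop between {' and '.join(sorted(pair))}: {pkts} packets")
```

The threshold and the service port are parameters so the same check can be pointed at other discovery responders; a pair that only appears in one direction is reported as nothing, since a single spoofed trigger packet is not itself a loop.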
Fix:
Users are recommended to upgrade to Webmin 2.202 or Virtualmin 7.20.2,
which fix the issue.
Workaround:
Block access to the UDP/10000 service from the Internet.
References:
https://webmin.com/
https://cispa.de/en/loop-dos
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2169
Credits:
Alexander Chernenkov, Sergey Gordeychik, CyberOK
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or INOC-DBA: 1251*830