Closed jmullentech closed 4 years ago
stale[bot]
commented
4 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
WoosterInitiative
commented
4 years ago This has been marked stale, but it is still a real issue. There is an existing pull request to fix this and it should be addressed sooner rather than later.
jmullentech
commented
4 years ago Yeah this is still an issue. I'd recommend moving to another Docker image for a DNS solution. I was able to switch over to PiHole, added my own domain entries, etc. with a down time of about 30 seconds. Took all of 5 minutes. If @sameersbn can't even find the time to respond to issues, he's not gonna take the time to update his image.
TL'DR - Move on to something that's actually supported and doesn't have gaping security vulns. Not worth the risk, IMO.
noel-jackson
commented
4 years ago You could download the files, make the appropriate modifications and build it yourself. This way you can keep it up to date. You could even host your own registry and manage updates that way.
If that's outside of your wheelhouse then yes, do find another image/solution.
If you're not familiar with Dockerfile or docker-compose it is worth the effort.
The version of Webmin packaged in this image (1.920) is vulnerable to CVE-2019-15642.
Put simply, a call to the
unserialise_variablefunction (and an associatedevalstatement) via a specially crafted POST request allows the attacker to pass shell commands directly to the container which are executed as root.I've attached two screenshots demonstrating the ability to obtain RCE and ultimately a fully interactive reverse shell on the Docker container.
I'd strongly recommend updating the image to contain the latest release of Webmin.