First of all, one needs to know what a Zero Day is, as well as what Webmin is.
Webmin is easier to explain. If you go to webmin.com, the first two sentences of the explanation are: “Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more.”
Yes, but what does it mean?
Here is the configuration page:
So Webmin is software that allows a system administrator to more easily administer websites, DNS configuration, file sharing, and more. In short, it makes it easier to administer and run a Unix or Linux server.
So many Unix (or Linux) systems run this Webmin software to make life easier for the IT person. But then along comes a Zero Day, just like many before this one (see the Oversitesentry 12/15/15 post):
Belkin router zero day blogpost from 11/8/14
Fireeye and Kaspersky software hit with Zero day blogpost 9/8/15
Lastpass password manager ZeroDay flaw blogpost 07/27/16
So as you see, this is a recurring theme for all kinds of software, including security software and administrative software like Webmin.
Zero Day means that there is a vulnerability out there that can be used to hack your computer AND there is NO patch to fix it.
Check out this image:
It shows how, after a vulnerability is introduced (t-v) and the exploit is released in the wild (t-e), we have a Zero Day vulnerability. At this point anyone who runs the exploit code and has the infrastructure to make money from it (like ransomware) can hack the software. So these Unix and Linux machines that have the Webmin admin software are vulnerable until Webmin can create a patch (t-p). Then, once the patch is released, the administrator still has to install it.
How long will it take for the patch to be released and installed? Sometimes it is 30 days, and sometimes 60 or longer.
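To make the t-v / t-e / t-p timeline concrete, here is a small added example (not code from the post) that classifies a host's exposure on a given day and measures the zero-day window and the administrator's patching lag. The dates are constructed for illustration and are not the dates of the Webmin incident; the extra "t_i" (patch installed) date is my own addition to the post's three markers.

```python
from datetime import date

# Constructed dates for illustration only; NOT the real Webmin timeline.
T_V = date(2019, 1, 10)   # vulnerability introduced (t-v)
T_E = date(2019, 6, 1)    # exploit released in the wild (t-e)
T_P = date(2019, 7, 15)   # patch released by the vendor (t-p)


def exposure_state(on, t_v, t_e, t_p, t_i=None):
    """Classify a host's exposure on day `on`.

    t_i is the date the administrator installed the patch on this host
    (None means not installed yet).
    """
    if on < t_v:
        return "not vulnerable"   # bug does not exist yet
    if on < t_e:
        return "latent"           # bug exists, no public exploit
    if on < t_p:
        return "zero-day"         # exploit public, no patch exists anywhere
    if t_i is None or on < t_i:
        return "patch available"  # vendor fixed it, this host has not applied it
    return "patched"


def window_days(t_e, t_p, t_i=None):
    """Return (zero_day_window, admin_lag, total_exposed) in days.

    zero_day_window: days between exploit release and patch release.
    admin_lag:       days between patch release and install (None if not installed).
    total_exposed:   days the host could be attacked with a public exploit.
    """
    zero_day = (t_p - t_e).days
    if t_i is None:
        return zero_day, None, None
    return zero_day, (t_i - t_p).days, (t_i - t_e).days


if __name__ == "__main__":
    installed = date(2019, 8, 30)
    for day in (date(2019, 3, 1), date(2019, 6, 15), date(2019, 8, 1), date(2019, 9, 1)):
        print(day, exposure_state(day, T_V, T_E, T_P, installed))
    print("zero-day window / admin lag / total exposed:", window_days(T_E, T_P, installed))
```

The point the numbers make is the one in the paragraph above: the vendor's patch closes the zero-day window, but the host stays attackable until the administrator actually installs it, so the total exposure is the sum of both delays.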
Update on 8/20/19: Duo Security Inc. released the following:
“On August 17, the developer of the popular Webmin and Usermin Unix tools pushed out an update to fix a handful of security issues. Normally that wouldn’t generate an avalanche of interest, but in this case, one of those vulnerabilities was introduced intentionally by someone who was able to compromise the software build infrastructure used by the developers.”
So this ‘zero-day’ was actually a self-inflicted wound of sorts. It looks like 1.930, the latest version, is free from the vulnerability or backdoor code. Please patch your systems.
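One quick way to act on "please patch your systems" is to compare each host's installed Webmin version against 1.930, the version the post names as clean. The script below is an added example, not code from the post or from the Webmin project. It assumes you have already collected the version string from each host (on a standard install it usually comes from the `version` file in Webmin's config directory, typically /etc/webmin/version; that location is an assumption about your install). The inventory below is constructed, not real hosts.

```python
from decimal import Decimal, InvalidOperation

# Version the post reports as free of the backdoor code.
FIXED_VERSION = Decimal("1.930")


def parse_webmin_version(text):
    """Parse a Webmin version string (e.g. the contents of its `version`
    file, such as '1.930') into a Decimal.

    Webmin versions are plain decimal numbers, so '1.93' and '1.930' denote
    the same release; Decimal comparison handles that. Returns None if the
    string is not a number.
    """
    try:
        return Decimal(text.strip())
    except InvalidOperation:
        return None


def needs_patch(version_text, fixed=FIXED_VERSION):
    """True if the host runs a version older than `fixed`, or if the version
    cannot be determined (unknown should be treated as needing attention)."""
    version = parse_webmin_version(version_text)
    if version is None:
        return True
    return version < fixed


def triage(inventory, fixed=FIXED_VERSION):
    """inventory: mapping host -> raw version string.
    Returns the sorted list of hosts that still need patching."""
    return sorted(host for host, raw in inventory.items() if needs_patch(raw, fixed))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "web01.example.internal": "1.920\n",   # raw file contents, trailing newline
    "dns01.example.internal": "1.930",
    "files.example.internal": "1.890",
    "legacy.example.internal": "unknown",  # version could not be read
    "new.example.internal": "2.001",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: Webmin '{SAMPLE_INVENTORY[host].strip()}' -> update to {FIXED_VERSION}")
```

Hosts whose version cannot be read are deliberately reported as needing attention rather than silently skipped; a missing answer is not evidence that a machine is patched.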
Let me know if you need help discussing this.