Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:N/A:P
Vendors Products
Usermin
  • Usermin

Configuration 1 [-]

OR cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*
cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/21968 Vendor Advisory
http://secunia.com/advisories/21981 Patch Vendor Advisory
http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894 Patch
http://www.debian.org/security/2006/dsa-1177 Patch
http://www.osreviews.net/reviews/admin/usermin
http://www.securityfocus.com/bid/18574 Patch
http://www.vupen.com/english/advisories/2006/3668
http://www.webmin.com/uchanges.html Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/29010
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2006-09-19T18:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-08-21T00:00:00

Link: CVE-2006-4246

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-09-19T18:07:00.000

Modified: 2017-07-20T01:32:57.303

Link: CVE-2006-4246

JSON object: View

cve-icon Redhat Information

No data.

CWE