CVE-2006-4246 - Vulnerability Details

Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Usermin	Usermin

Configuration 1 [-]

OR	cpe:2.3:a:usermin:usermin::::::::
	cpe:2.3:a:usermin:usermin:0.4:::::::*
	cpe:2.3:a:usermin:usermin:0.5:::::::*
	cpe:2.3:a:usermin:usermin:0.6:::::::*
	cpe:2.3:a:usermin:usermin:0.7:::::::*
	cpe:2.3:a:usermin:usermin:0.8:::::::*
	cpe:2.3:a:usermin:usermin:0.9:::::::*
	cpe:2.3:a:usermin:usermin:0.91:::::::*
	cpe:2.3:a:usermin:usermin:0.92:::::::*
	cpe:2.3:a:usermin:usermin:0.93:::::::*
	cpe:2.3:a:usermin:usermin:0.94:::::::*
	cpe:2.3:a:usermin:usermin:0.95:::::::*
	cpe:2.3:a:usermin:usermin:0.96:::::::*
	cpe:2.3:a:usermin:usermin:0.97:::::::*
	cpe:2.3:a:usermin:usermin:0.98:::::::*
	cpe:2.3:a:usermin:usermin:0.99:::::::*
	cpe:2.3:a:usermin:usermin:1.000:::::::*
	cpe:2.3:a:usermin:usermin:1.010:::::::*
	cpe:2.3:a:usermin:usermin:1.020:::::::*
	cpe:2.3:a:usermin:usermin:1.030:::::::*
	cpe:2.3:a:usermin:usermin:1.040:::::::*
	cpe:2.3:a:usermin:usermin:1.051:::::::*
	cpe:2.3:a:usermin:usermin:1.060:::::::*
	cpe:2.3:a:usermin:usermin:1.070:::::::*
	cpe:2.3:a:usermin:usermin:1.080:::::::*
	cpe:2.3:a:usermin:usermin:1.090:::::::*
	cpe:2.3:a:usermin:usermin:1.100:::::::*
	cpe:2.3:a:usermin:usermin:1.110:::::::*
	cpe:2.3:a:usermin:usermin:1.120:::::::*
	cpe:2.3:a:usermin:usermin:1.130:::::::*
	cpe:2.3:a:usermin:usermin:1.140:::::::*
	cpe:2.3:a:usermin:usermin:1.150:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/21968
http://secunia.com/advisories/21981
http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894
http://www.debian.org/security/2006/dsa-1177
http://www.osreviews.net/reviews/admin/usermin
http://www.securityfocus.com/bid/18574
http://www.vupen.com/english/advisories/2006/3668
http://www.webmin.com/uchanges.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/29010

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2006-09-19T18:00:00

Updated: 2024-08-07T19:06:07.026Z

Reserved: 2006-08-21T00:00:00

Link: CVE-2006-4246

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-09-19T18:07:00.000

Modified: 2024-11-21T00:15:29.027

Link: CVE-2006-4246

Redhat

No data.

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object