ID CVE-2006-4246
Summary Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user. This vulnerability is addressed in the following product release: Webmin, Usermin, 1.220
References
Vulnerable Configurations
  • cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*
CVSS
Base: 3.6 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:P
refmap via4
bid 18574
confirm
debian DSA-1177
misc http://www.osreviews.net/reviews/admin/usermin
secunia
  • 21968
  • 21981
vupen ADV-2006-3668
xf usermin-shell-dos(29010)
Last major update 20-07-2017 - 01:32
Published 19-09-2006 - 18:07
Last modified 20-07-2017 - 01:32