Vulnerability Description
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Usermin | Usermin | <= 1.210 |
References
- http://secunia.com/advisories/21968Vendor Advisory
- http://secunia.com/advisories/21981PatchVendor Advisory
- http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&Patch
- http://www.debian.org/security/2006/dsa-1177Patch
- http://www.osreviews.net/reviews/admin/usermin
- http://www.securityfocus.com/bid/18574Patch
- http://www.vupen.com/english/advisories/2006/3668
- http://www.webmin.com/uchanges.htmlPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29010
- http://secunia.com/advisories/21968Vendor Advisory
- http://secunia.com/advisories/21981PatchVendor Advisory
- http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&Patch
- http://www.debian.org/security/2006/dsa-1177Patch
- http://www.osreviews.net/reviews/admin/usermin
- http://www.securityfocus.com/bid/18574Patch
FAQ
What is CVE-2006-4246?
CVE-2006-4246 is a vulnerability with a CVSS score of 3.6 (LOW). Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shel...
How severe is CVE-2006-4246?
CVE-2006-4246 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4246?
Check the references section above for vendor advisories and patch information. Affected products include: Usermin Usermin.