Vulnerability Name:

CVE-2006-4246 (CCN-29010)

Assigned: 2006-09-18
Published: 2006-09-18
Updated: 2017-07-20
Summary: Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
This vulnerability is addressed in the following product release:
Webmin, Usermin, 1.220
CVSS v3 Severity: 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
2.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2006-4246

Source: CCN
Type: SA21968
Usermin "shell" Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
21968

Source: SECUNIA
Type: Patch, Vendor Advisory
21981

Source: CONFIRM
Type: Patch
http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894

Source: DEBIAN
Type: Patch
DSA-1177

Source: DEBIAN
Type: DSA-1177
usermin -- programming error

Source: CCN
Type: OS Reviews Web site
Usermin - User's Little Helper

Source: MISC
Type: UNKNOWN
http://www.osreviews.net/reviews/admin/usermin

Source: CCN
Type: OSVDB ID: 28915
Usermin chfn/save.cgi shell Variable Malformed Value DoS

Source: BID
Type: Patch
18574

Source: CCN
Type: BID-18574
Usermin Change User Details Remote Denial of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-3668

Source: CCN
Type: Usermin Web page
Usermin

Source: CONFIRM
Type: Patch
http://www.webmin.com/uchanges.html

Source: XF
Type: UNKNOWN
usermin-shell-dos(29010)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:usermin:usermin:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.7:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.93:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.94:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.95:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.96:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.97:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.98:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:0.99:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.000:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.010:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.020:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.030:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.040:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.051:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.060:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.070:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.080:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.090:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.100:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.110:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.120:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.130:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.140:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:1.150:*:*:*:*:*:*:*
  • OR cpe:/a:usermin:usermin:*:*:*:*:*:*:*:* (Version <= 1.210)

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:org.debian:def:1177
    Class: V
    Title: programming error
    Last Modified: 2006-09-15