3.6

CVE-2006-4246

Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UserminUsermin Version <= 1.210
UserminUsermin Version0.4
UserminUsermin Version0.5
UserminUsermin Version0.6
UserminUsermin Version0.7
UserminUsermin Version0.8
UserminUsermin Version0.9
UserminUsermin Version0.91
UserminUsermin Version0.92
UserminUsermin Version0.93
UserminUsermin Version0.94
UserminUsermin Version0.95
UserminUsermin Version0.96
UserminUsermin Version0.97
UserminUsermin Version0.98
UserminUsermin Version0.99
UserminUsermin Version1.000
UserminUsermin Version1.010
UserminUsermin Version1.020
UserminUsermin Version1.030
UserminUsermin Version1.040
UserminUsermin Version1.051
UserminUsermin Version1.060
UserminUsermin Version1.070
UserminUsermin Version1.080
UserminUsermin Version1.090
UserminUsermin Version1.100
UserminUsermin Version1.110
UserminUsermin Version1.120
UserminUsermin Version1.130
UserminUsermin Version1.140
UserminUsermin Version1.150
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.88% 0.544
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.webmin.com/uchanges.html
Patch
http://secunia.com/advisories/21968
Vendor Advisory
http://secunia.com/advisories/21981
Patch
Vendor Advisory
http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894
Patch
http://www.debian.org/security/2006/dsa-1177
Patch
http://www.osreviews.net/reviews/admin/usermin
http://www.securityfocus.com/bid/18574
Patch
http://www.vupen.com/english/advisories/2006/3668
https://exchange.xforce.ibmcloud.com/vulnerabilities/29010