NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-4246

Summary	Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Summary	This vulnerability is addressed in the following product release: Webmin, Usermin, 1.220
Publication Date	Sept. 20, 2006, 3:07 a.m.
Registration Date	Jan. 29, 2021, 3:43 p.m.
Last Update	July 20, 2017, 10:32 a.m.

CVSS2.0 : LOW
Score	3.6
Vector	AV:L/AC:L/Au:N/C:P/I:N/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:usermin:usermin:0.4:::::::*
cpe:2.3:a:usermin:usermin:0.5:::::::*
cpe:2.3:a:usermin:usermin:0.6:::::::*
cpe:2.3:a:usermin:usermin:0.7:::::::*
cpe:2.3:a:usermin:usermin:0.8:::::::*
cpe:2.3:a:usermin:usermin:0.9:::::::*
cpe:2.3:a:usermin:usermin:0.91:::::::*
cpe:2.3:a:usermin:usermin:0.92:::::::*
cpe:2.3:a:usermin:usermin:0.93:::::::*
cpe:2.3:a:usermin:usermin:0.94:::::::*
cpe:2.3:a:usermin:usermin:0.95:::::::*
cpe:2.3:a:usermin:usermin:0.96:::::::*
cpe:2.3:a:usermin:usermin:0.97:::::::*
cpe:2.3:a:usermin:usermin:0.98:::::::*
cpe:2.3:a:usermin:usermin:0.99:::::::*
cpe:2.3:a:usermin:usermin:1.000:::::::*
cpe:2.3:a:usermin:usermin:1.010:::::::*
cpe:2.3:a:usermin:usermin:1.020:::::::*
cpe:2.3:a:usermin:usermin:1.030:::::::*
cpe:2.3:a:usermin:usermin:1.040:::::::*
cpe:2.3:a:usermin:usermin:1.051:::::::*
cpe:2.3:a:usermin:usermin:1.060:::::::*
cpe:2.3:a:usermin:usermin:1.070:::::::*
cpe:2.3:a:usermin:usermin:1.080:::::::*
cpe:2.3:a:usermin:usermin:1.090:::::::*
cpe:2.3:a:usermin:usermin:1.100:::::::*
cpe:2.3:a:usermin:usermin:1.110:::::::*
cpe:2.3:a:usermin:usermin:1.120:::::::*
cpe:2.3:a:usermin:usermin:1.130:::::::*
cpe:2.3:a:usermin:usermin:1.140:::::::*
cpe:2.3:a:usermin:usermin:1.150:::::::*
cpe:2.3:a:usermin:usermin::::::::			1.210

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/21968	SECUNIA	Vendor Advisory
2	http://secunia.com/advisories/21981	SECUNIA	Patch Vendor Advisory
3	http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894	CONFIRM	Patch
4	http://www.debian.org/security/2006/dsa-1177	DEBIAN	Patch
5	http://www.osreviews.net/reviews/admin/usermin	MISC
6	http://www.securityfocus.com/bid/18574	BID	Patch
7	http://www.vupen.com/english/advisories/2006/3668	VUPEN
8	http://www.webmin.com/uchanges.html	CONFIRM	Patch
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/29010	XF

Common Vulnerabilities List