CVE-2006-4246
First published: Tue Sep 19 2006(Updated: )
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin Usermin | =0.91 | |
| Webmin Usermin | =1.070 | |
| Webmin Usermin | =1.040 | |
| Webmin Usermin | =0.9 | |
| Webmin Usermin | =1.060 | |
| Webmin Usermin | =0.8 | |
| Webmin Usermin | =1.080 | |
| Webmin Usermin | =1.100 | |
| Webmin Usermin | <=1.210 | |
| Webmin Usermin | =0.97 | |
| Webmin Usermin | =0.99 | |
| Webmin Usermin | =1.010 | |
| Webmin Usermin | =0.6 | |
| Webmin Usermin | =1.130 | |
| Webmin Usermin | =1.150 | |
| Webmin Usermin | =1.140 | |
| Webmin Usermin | =0.96 | |
| Webmin Usermin | =1.090 | |
| Webmin Usermin | =1.020 | |
| Webmin Usermin | =0.5 | |
| Webmin Usermin | =1.051 | |
| Webmin Usermin | =1.000 | |
| Webmin Usermin | =1.030 | |
| Webmin Usermin | =0.94 | |
| Webmin Usermin | =0.95 | |
| Webmin Usermin | =0.92 | |
| Webmin Usermin | =1.110 | |
| Webmin Usermin | =0.98 | |
| Webmin Usermin | =0.93 | |
| Webmin Usermin | =0.7 | |
| Webmin Usermin | =1.120 | |
| Webmin Usermin | =0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.osreviews.net/reviews/admin/usermin
- http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894
- http://www.webmin.com/uchanges.html
- http://www.debian.org/security/2006/dsa-1177
- http://www.securityfocus.com/bid/18574
- http://secunia.com/advisories/21968
- http://secunia.com/advisories/21981
- http://www.vupen.com/english/advisories/2006/3668
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29010
Frequently Asked Questions
What is the severity of CVE-2006-4246?
CVE-2006-4246 is considered a high severity vulnerability due to its potential for remote exploitation and ability to read arbitrary files.
How do I fix CVE-2006-4246?
To fix CVE-2006-4246, upgrade Usermin to version 1.220 or later which addresses the vulnerability.
What versions of Usermin are affected by CVE-2006-4246?
CVE-2006-4246 affects multiple versions of Usermin, including 0.4 through 1.210.
What type of vulnerability is CVE-2006-4246?
CVE-2006-4246 is a file read vulnerability that allows remote attackers to read sensitive files.
Is CVE-2006-4246 still a relevant vulnerability?
Yes, CVE-2006-4246 remains relevant for systems running affected versions of Usermin that have not been updated.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/usermin
- canonical/webmin usermin
- version/webmin usermin/0.91
- version/webmin usermin/1.070
- version/webmin usermin/1.040
- version/webmin usermin/0.9
- version/webmin usermin/1.060
- version/webmin usermin/0.8
- version/webmin usermin/1.080
- version/webmin usermin/1.100
- version/webmin usermin/1.210
- version/webmin usermin/0.97
- version/webmin usermin/0.99
- version/webmin usermin/1.010
- version/webmin usermin/0.6
- version/webmin usermin/1.130
- version/webmin usermin/1.150
- version/webmin usermin/1.140
- version/webmin usermin/0.96
- version/webmin usermin/1.090
- version/webmin usermin/1.020
- version/webmin usermin/0.5
- version/webmin usermin/1.051
- version/webmin usermin/1.000
- version/webmin usermin/1.030
- version/webmin usermin/0.94
- version/webmin usermin/0.95
- version/webmin usermin/0.92
- version/webmin usermin/1.110
- version/webmin usermin/0.98
- version/webmin usermin/0.93
- version/webmin usermin/0.7
- version/webmin usermin/1.120
- version/webmin usermin/0.4