Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-1177-1 | New usermin packages fix denial of service |
![]() |
EUVD-2006-4236 | Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: debian
Published:
Updated: 2024-08-07T19:06:07.026Z
Reserved: 2006-08-21T00:00:00
Link: CVE-2006-4246

No data.

Status : Deferred
Published: 2006-09-19T18:07:00.000
Modified: 2025-04-03T01:03:51.193
Link: CVE-2006-4246

No data.

No data.