CVE-2006-4246

NameCVE-2006-4246
DescriptionUsermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1177-1
NVD severitylow (attack range: local)
Debian Bugs374609

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
userminsource(unstable)(unfixed)low374609
userminsourcesarge1.110-3.1lowDSA-1177-1

Search for package or bug name: Reporting problems