Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing roots shell instead of the shell of a specified user.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Usermin | Usermin | * | 1.210 (including) |
| Usermin | Usermin | 0.4 (including) | 0.4 (including) |
| Usermin | Usermin | 0.5 (including) | 0.5 (including) |
| Usermin | Usermin | 0.6 (including) | 0.6 (including) |
| Usermin | Usermin | 0.7 (including) | 0.7 (including) |
| Usermin | Usermin | 0.8 (including) | 0.8 (including) |
| Usermin | Usermin | 0.9 (including) | 0.9 (including) |
| Usermin | Usermin | 0.91 (including) | 0.91 (including) |
| Usermin | Usermin | 0.92 (including) | 0.92 (including) |
| Usermin | Usermin | 0.93 (including) | 0.93 (including) |
| Usermin | Usermin | 0.94 (including) | 0.94 (including) |
| Usermin | Usermin | 0.95 (including) | 0.95 (including) |
| Usermin | Usermin | 0.96 (including) | 0.96 (including) |
| Usermin | Usermin | 0.97 (including) | 0.97 (including) |
| Usermin | Usermin | 0.98 (including) | 0.98 (including) |
| Usermin | Usermin | 0.99 (including) | 0.99 (including) |
| Usermin | Usermin | 1.000 (including) | 1.000 (including) |
| Usermin | Usermin | 1.010 (including) | 1.010 (including) |
| Usermin | Usermin | 1.020 (including) | 1.020 (including) |
| Usermin | Usermin | 1.030 (including) | 1.030 (including) |
| Usermin | Usermin | 1.040 (including) | 1.040 (including) |
| Usermin | Usermin | 1.051 (including) | 1.051 (including) |
| Usermin | Usermin | 1.060 (including) | 1.060 (including) |
| Usermin | Usermin | 1.070 (including) | 1.070 (including) |
| Usermin | Usermin | 1.080 (including) | 1.080 (including) |
| Usermin | Usermin | 1.090 (including) | 1.090 (including) |
| Usermin | Usermin | 1.100 (including) | 1.100 (including) |
| Usermin | Usermin | 1.110 (including) | 1.110 (including) |
| Usermin | Usermin | 1.120 (including) | 1.120 (including) |
| Usermin | Usermin | 1.130 (including) | 1.130 (including) |
| Usermin | Usermin | 1.140 (including) | 1.140 (including) |
| Usermin | Usermin | 1.150 (including) | 1.150 (including) |
References
- http://secunia.com/advisories/21968
- http://secunia.com/advisories/21981
- http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894
- http://www.debian.org/security/2006/dsa-1177
- http://www.osreviews.net/reviews/admin/usermin
- http://www.securityfocus.com/bid/18574
- http://www.vupen.com/english/advisories/2006/3668
- http://www.webmin.com/uchanges.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29010
- http://secunia.com/advisories/21968
- http://secunia.com/advisories/21981
- http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894
- http://www.debian.org/security/2006/dsa-1177
- http://www.osreviews.net/reviews/admin/usermin
- http://www.securityfocus.com/bid/18574
- http://www.vupen.com/english/advisories/2006/3668
- http://www.webmin.com/uchanges.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29010