Usermin chfn/save.cgi shell denial of service
| usermin-shell-dos (29010) |  Low Risk |
Description:
The Usermin chfn/save.cgi script could be used to cause a denial of service. By supplying an invalid "shell" parameter to the chfn/save.cgi script, a local attacker could disable the login shell for the root account.
*CVSS:
| Base Score: | 3.5 |
| Access Vector: | Local |
| Access Complexity: | Low |
| Authentication: | Not Required |
| Confidentiality Impact: | None |
| Integrity Impact: | None |
| Availability Impact: | Complete |
| Temporal Score: | 2.6 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of Usermin (version 1.220 or later), available from the Usermin Web page. See References.
For Debian GNU/Linux:
Refer to DSA-1177-1 for patch, upgrade, or suggested workaround information. See References.
References:
- OS Reviews Web site: Usermin - User's Little Helper.
- Usermin Web page: Usermin.
- BID-18574: Usermin Change User Details Remote Denial of Service Vulnerability
- CVE-2006-4246: Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
- DSA-1177: usermin -- programming error
- SA21968: Usermin "shell" Denial of Service Vulnerability
- VUPEN/ADV-2006-3668: Usermin shell Parameter Login Shell Manipulation Denial of Service Weakness
Platforms Affected:
- Apple Mac OS Server
- Debian Debian Linux 3.1
- Usermin Project Usermin 1.180
Reported:
Sep 18, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.