Debian Bug report logs - #374609
usermin-chfn: Root Shell Denial of Service


Package: usermin-chfn; Maintainer for usermin-chfn is (unknown).

Reported by: Hendrik Weimer <hendrik@enyo.de>

Date: Tue, 20 Jun 2006 09:03:02 UTC

Severity: normal

Tags: security

Found in version usermin/1.110-3

Fixed in version usermin-chfn/1.110-3+rm

Done: Marco Rodrigues <gothicx@sapo.pt>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Webmin maintainers <webmin-maintainers@lists.alioth.debian.org>:
Bug#374609; Package usermin-chfn.

Acknowledgement sent to Hendrik Weimer <hendrik@enyo.de>:
New Bug report received and forwarded. Copy sent to Debian Webmin maintainers <webmin-maintainers@lists.alioth.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Hendrik Weimer <hendrik@enyo.de>
To: submit@bugs.debian.org
Subject: usermin-chfn: Root Shell Denial of Service
Date: Tue, 20 Jun 2006 10:38:23 +0200
Package: usermin-chfn
Version: 1.110-3
Tags: security

As pointed out in http://www.osreviews.net/reviews/admin/usermin it is
possible to disable the login shell of the root account by calling
save.cgi with an empty value for the shell. The problem is that the
command is expanded to `chsh -s foo`, which changes the shell of the
root account to foo instead of changing foo's shell.

When combined with some well-known social engineering tactics (cf.
"Stealing Superuser" in Practical UNIX & Internet Security) it might
even be possible to obtain root access to the system.



Reply sent to Marco Rodrigues <gothicx@sapo.pt>:
You have taken responsibility.

Notification sent to Hendrik Weimer <hendrik@enyo.de>:
Bug acknowledged by developer.

Message #10 received at 374609-done@bugs.debian.org:

From: Marco Rodrigues <gothicx@sapo.pt>
To: 374609-done@bugs.debian.org
Subject: This package has been removed from Debian.
Date: Fri, 30 May 2008 12:17:59 +0100
Package: usermin-chfn
Version: 1.110-3+rm

Hi!

I'm closing this bug, because this package has been removed from Debian.

If you want to know more about it, please visit
http://packages.qa.debian.org/usermin

Thanks

-- 
Marco Rodrigues

http://Marco.Tondela.org





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 10 Aug 2008 08:53:04 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 04:26:40 2014; Machine Name: buxtehude.debian.org
