libuser: multiple issues

2015-07-24T00:00:00
ID ASA-201507-19
Type archlinux
Reporter Arch Linux
Modified 2015-07-24T00:00:00

Description

  • CVE-2015-3245 (denial of service)

It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system.

  • CVE-2015-3246 (privilege escalation)

A flaw was found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.