Lucene search

K

Arch LinuxASA-201507-19

HistoryJul 24, 2015 - 12:00 a.m.

libuser: multiple issues

2015-07-2400:00:00

Arch Linux

lists.archlinux.org

22

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.7%

CVE-2015-3245 (denial of service)

It was found that libuser, as used by the chfn userhelper functionality,
did not properly filter out newline characters in GECOS fields. A local,
authenticated user could use this flaw to corrupt the /etc/passwd file,
resulting in a denial-of-service on the system.

CVE-2015-3246 (privilege escalation)

A flaw was found in the way the libuser library handled the /etc/passwd
file. A local attacker could use an application compiled against libuser
(for example, userhelper) to manipulate the /etc/passwd file, which
could result in a denial of service or possibly allow the attacker to
escalate their privileges to root.

OSVersionArchitecturePackageVersionFilename
anyanyanylibuser< 0.62-1UNKNOWN

References

seclists.org/oss-sec/2015/q3/185

access.redhat.com/security/cve/CVE-2015-3245

access.redhat.com/security/cve/CVE-2015-3246

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.7%

Related for ASA-201507-19

nessus16 debian1 cvelist2 centos2 ibm10 redhat2 f52 zdt2 cve2 amazon1 openvas11 debiancve2 prion2 oraclelinux2 osv1 exploitpack1 fedora2 mageia1 ubuntucve2 packetstorm2 securityvulns2 exploitdb1 veracode2 suse1