Lucene search

Gentoo FoundationMGASA-2015-0278

HistoryJul 24, 2015 - 7:36 p.m.

Updated libuser package fixes security vulnerabilities

2015-07-2419:36:06

Gentoo Foundation

advisories.mageia.org

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root (CVE-2015-3245, CVE-2015-3246).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchlibuser< 0.60-2.1libuser-0.60-2.1.mga4
Mageia5noarchlibuser< 0.60-5.1libuser-0.60-5.1.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	libuser	< 0.60-2.1	libuser-0.60-2.1.mga4
Mageia	5	noarch	libuser	< 0.60-5.1	libuser-0.60-5.1.mga5

References

openwall.com/lists/oss-security/2015/07/23/16

access.redhat.com/articles/1537873

bugs.mageia.org/show_bug.cgi?id=16459

rhn.redhat.com/errata/RHSA-2015-1483.html

securityblog.redhat.com/2015/07/23/libuser-vulnerabilities/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for MGASA-2015-0278