CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.0004 Low
EPSS Percentile: 5.7%

The libuser library implements a standardized interface for manipulating
and administering user and group accounts. Sample applications that are
modeled after applications from the shadow password suite (shadow-utils)
are included in these packages.

Two flaws were found in the way the libuser library handled the /etc/passwd
file. A local attacker could use an application compiled against libuser
(for example, userhelper) to manipulate the /etc/passwd file, which could
result in a denial of service or possibly allow the attacker to escalate
their privileges to root. (CVE-2015-3245, CVE-2015-3246)

Red Hat would like to thank Qualys for reporting these issues.

All libuser users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | i686 | libuser-debuginfo | < 0.60-7.el7_1 | libuser-debuginfo-0.60-7.el7_1.i686.rpm |
RedHat | 7 | src | libuser | < 0.60-7.el7_1 | libuser-0.60-7.el7_1.src.rpm |
RedHat | 7 | s390 | libuser-devel | < 0.60-7.el7_1 | libuser-devel-0.60-7.el7_1.s390.rpm |
RedHat | 7 | s390x | libuser-debuginfo | < 0.60-7.el7_1 | libuser-debuginfo-0.60-7.el7_1.s390x.rpm |
RedHat | 7 | x86_64 | libuser | < 0.60-7.el7_1 | libuser-0.60-7.el7_1.x86_64.rpm |
RedHat | 7 | s390 | libuser | < 0.60-7.el7_1 | libuser-0.60-7.el7_1.s390.rpm |
RedHat | 7 | ppc64 | libuser | < 0.60-7.el7_1 | libuser-0.60-7.el7_1.ppc64.rpm |
RedHat | 7 | ppc64 | libuser-debuginfo | < 0.60-7.el7_1 | libuser-debuginfo-0.60-7.el7_1.ppc64.rpm |
RedHat | 7 | s390x | libuser-devel | < 0.60-7.el7_1 | libuser-devel-0.60-7.el7_1.s390x.rpm |
RedHat | 7 | s390 | libuser-debuginfo | < 0.60-7.el7_1 | libuser-debuginfo-0.60-7.el7_1.s390.rpm |