37 matches found
MiracleLinux 4 : libuser-0.56.13-8.AXS4 (AXSA:2015-374:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-374:01 advisory. The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable...
Debian: Security Advisory (DLA-468-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K05770600: Linux libuser vulnerability CVE-2015-3246
Security Advisory Description libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service inconsistent file state by causing an error during the modification. NOTE:...
Security Bulletin: Vulnerabilities in libuser affect Power Hardware Management Console (CVE-2015-3245 CVE-2015-3246)
Summary libuser is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3245 DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline characters by the chfn function withi...
Security Bulletin: Vulnerabilities in libuser affect PowerKVM (CVE-2015-3245 and CVE-2015-3246)
Summary PowerKVM is affected by two vulnerabilities CVE-2015-3245 and CVE-2015-3246 in libuser. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2015-3245 DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline character...
Security Bulletin: libuser vulnerabilities affect IBM Storwize V7000 Unified (CVE-2015-3245 and CVE-2015-3246)
Summary Fixes for security vulnerabilities in libuser are available with IBM Storwize V7000 Unified version 1.5.2.2 Vulnerability Details CVEID: CVE-2015-3245 DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline characters by the chfn...
Security Bulletin: libuser vulnerabilities affect IBM SONAS (CVE-2015-3245 and CVE-2015-3246)
Summary Fixes for security vulnerabilities in libuser are available with IBM SONAS version 1.5.2.2 Vulnerability Details CVEID: CVE-2015-3245 DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline characters by the chfn function within the...
Security Bulletin: Vulnerabilities in Open Source libuser affect IBM Security Guardium (CVE-2015-3246, CVE-2015-3245)
Summary The vulnerabilities allow local users to perform denial-of-service and privilege-escalation attacks Vulnerability Details CVEID: CVE-2015-3246 DESCRIPTION: libuser could allow a local authenticated attacker to gain elevated privileges on the system, caused by the improper handling of the...
Security Bulletin: Vulnerabilities in libuser affect IBM Security Network Protection (CVE-2015-3245, CVE-2015-3246)
Summary The libuser library implements a standardized interface for manipulating and administering user and group accounts used by multiple programs on the system. Security vulnerabilities have been discovered in libuser used with IBM Security Network Protection. Vulnerability Details CVE ID:...
F5 Networks BIG-IP : Linux libuser vulnerability (SOL05770600)
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service inconsistent file state by causing an error during the modification. NOTE: this issue can be combined wi...
Oracle: Security Advisory (ELSA-2015-1483)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2015-572)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2015-3246
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service inconsistent file state by causing an error during the modification. NOTE: this issue can be combined wi...
CVE-2015-3245
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service /etc/passwd corruption via a newline character in the GECOS field...
CVE-2015-3246
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service inconsistent file state by causing an error during the modification. NOTE: this issue can be combined wi...
Code injection
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service inconsistent file state by causing an error during the modification. NOTE: this issue can be combined wi...
CVE-2015-3245
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service /etc/passwd corruption via a newline character in the GECOS field...
CVE-2015-3246
Libuser in the userhelper path is affected by two local vulnerabilities (CVE-2015-3245 and CVE-2015-3246) prior to 0.56.13-8 and 0.60 before 0.60-7. CVE-2015-3245 is an incomplete blacklist vulnerability in chfn that can overflow the GECOS field; CVE-2015-3246 directly modifies /etc/passwd, causi...
CVE-2015-3245
CVE-2015-3245/3246 describe a local privilege escalation in libuser (and the userhelper/uusermode stack) on Red Hat-based systems. The root cause is an improper input validation: the Chfn function in libuser (before 0.56.13-8 and 0.60 before 0.60-7) and the related path in userhelper allow newlin...
CVE-2015-3245
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service /etc/passwd corruption via a newline character in the GECOS field...