📄 libuser Denial of Service / Privilege Escalation

This is an old proof of concept from 2015 that demonstrates userhelper chfn newline filtering and libuser passwd file handling vulnerabilities. / roothelper.c - an unusual local root exploit against: CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling...

MiracleLinux 4 : libuser-0.56.13-8.AXS4 (AXSA:2015-374:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-374:01 advisory. The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable...

MiracleLinux 3 : libuser-0.54.7-2.1.AXS3.2 (AXSA:2011-12:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-12:01 advisory. The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to...

MiracleLinux 4 : libuser-0.56.13-4.AXS4.1 (AXSA:2011-30:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-30:01 advisory. The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to...

EUVD-2004-2383

Malware in sbrugna...

EUVD-2012-5515

Malware in sbrugna...

EUVD-2011-0029

Malware in sbrugna...

EUVD-2012-5528

Malware in sbrugna...

libuser bug fix and enhancement update

An update is available for libuser. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.5...

Linux Distros Unpatched Vulnerability : CVE-2015-3246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local...

Linux Distros Unpatched Vulnerability : CVE-2011-0002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libuser before 0.57 uses a cleartext password value of 1 !! or 2 x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by...

libuser bug fix and enhancement update

An update is available for libuser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libuser library implements a standardized interface for manipulating and...

RHSA-2015:1482 Red Hat Security Advisory: libuser security update

Bulletin has no description...

RHSA-2015:1483 Red Hat Security Advisory: libuser security update

Bulletin has no description...

RHSA-2011:0170 Red Hat Security Advisory: libuser security update

Bulletin has no description...

OPENSUSE-SU-2024:10368-1 libuser-0.60-5.6 on GA media

These are all security issues fixed in the libuser-0.60-5.6 package on the GA media of openSUSE Tumbleweed...

RHEL 5 : libuser (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libuser: TOCTOU race conditions by copying and removing directory trees CVE-2012-5630 - libuser: Security...

RHEL 6 : libuser (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libuser: TOCTOU race conditions by copying and removing directory trees CVE-2012-5630 - libuser: Complete...

RHEL 3 : libuser (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libuser creates LDAP users with a default password CVE-2011-0002 Note that Nessus has not tested for this issue but...

SUSE CVE-2015-3245

Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service /etc/passwd corruption via a newline character in the GECOS field...