MiracleLinux 4 : libuser-0.56.13-4.AXS4.1 (AXSA:2011-30:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-30:01 advisory. The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to...

EUVD-2004-2383

Malware in sbrugna...

EUVD-2012-5515

Malware in sbrugna...

K16877: libuser vulnerability CVE-2011-0002

Security Advisory Description Description libuser before 0.57 uses a cleartext password value of 1 !! or 2 x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. CVE-2011-0002 Impact None. F5 products are not affected by this...

SUSE CVE-2015-3246

libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service inconsistent file state by causing an error during the modification. NOTE: this issue can be combined wi...

Denial Of Service (DoS)

libuser is vulnerable to denial of service DoS attacks. The vulnerability exists as an incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of...

Security Bulletin: Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND, affect IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance CVE-2014-9297, CVE-2014-9298, CVE-2014-9273, CVE-2013-7424, CVE-2015-3245, CVE-2015-3246, CVE-2015-5477. Vulnerability Details CVEID: CVE-2014-9297...

Libuser roothelper Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit module makes use of the...

CVE-2015-3245

Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service /etc/passwd corruption via a newline character in the GECOS field...

Qualys Security Advisory - userhelper / libuser

Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary ----------------------------------------------------------------- The libuser library implements a standardized interface for manipulating and administering user and grou...

CVE-2011-0002

libuser before 0.57 uses a cleartext password value of 1 !! or 2 x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values...

CVE-2004-2392

libuser 0.51.7 allows attackers to cause a denial of service crash or disk consumption via unknown attack vectors, related to read failures and other bugs...

MDKSA-2004:044 - Updated libuser packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: libuser Advisory ID: MDKSA-2004:044 Date: May 17th, 2004 Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1 Problem Description: Steve Grubb discovered a number of problems in the libuser libra...