Privilege Escalation

libuser is vulnerable to privilege escalation. Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser for example, userhelper to manipulate the /etc/passwd file, which could result in a denial of service...

Denial Of Service (DoS)

libuser is vulnerable to denial of service DoS attacks. The vulnerability exists as an incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of...

Security Bulletin: Vulnerabilities in libuser affect PowerKVM (CVE-2015-3245 and CVE-2015-3246)

Summary PowerKVM is affected by two vulnerabilities CVE-2015-3245 and CVE-2015-3246 in libuser. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2015-3245 DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline character...

Security Bulletin: libuser vulnerabilities affect IBM SONAS (CVE-2015-3245 and CVE-2015-3246)

Summary Fixes for security vulnerabilities in libuser are available with IBM SONAS version 1.5.2.2 Vulnerability Details CVEID: CVE-2015-3245 DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline characters by the chfn function within the...

Security Bulletin: libuser vulnerabilities affect IBM Storwize V7000 Unified (CVE-2015-3245 and CVE-2015-3246)

Summary Fixes for security vulnerabilities in libuser are available with IBM Storwize V7000 Unified version 1.5.2.2 Vulnerability Details CVEID: CVE-2015-3245 DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline characters by the chfn...

Security Bulletin: Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND, affect IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance CVE-2014-9297, CVE-2014-9298, CVE-2014-9273, CVE-2013-7424, CVE-2015-3245, CVE-2015-3246, CVE-2015-5477. Vulnerability Details CVEID: CVE-2014-9297...

Security Bulletin: IBM Software Delivery and Lifecycle Patterns for the Open Source libuser Vunlerabilities (CVE-2015-3245 and CVE-2015-3246)

Summary IBM Software Delivery and Lifecycle Patterns requires client action for the Open Source libuser Vunlerabilities. The libuser library implements a standardized interface for manipulating and administering user and group accounts, and is installed by default on Linux distributions derived...

Security Bulletin: Vulnerabilities in Open Source libuser affect IBM Security Guardium (CVE-2015-3246, CVE-2015-3245)

Summary The vulnerabilities allow local users to perform denial-of-service and privilege-escalation attacks Vulnerability Details CVEID: CVE-2015-3246 DESCRIPTION: libuser could allow a local authenticated attacker to gain elevated privileges on the system, caused by the improper handling of the...

Security Bulletin: Vulnerabilities in libuser affect IBM Security Network Protection (CVE-2015-3245, CVE-2015-3246)

Summary The libuser library implements a standardized interface for manipulating and administering user and group accounts used by multiple programs on the system. Security vulnerabilities have been discovered in libuser used with IBM Security Network Protection. Vulnerability Details CVE ID:...

Libuser - 'roothelper' Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Libuser roothelper Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Red Hat based Linux systems, includi...

Libuser roothelper Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit module makes use of the...

Libuser roothelper Privilege Escalation

This module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This module makes use of the roothelper.c exploit...

F5 Networks BIG-IP : Linux libuser vulnerability (SOL05770600)

libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service inconsistent file state by causing an error during the modification. NOTE: this issue can be combined wi...

Debian DLA-468-1 : libuser security update

Two security vulnerabilities were discovered in libuser, a library that implements a standardized interface for manipulating and administering user and group accounts, that could lead to a denial of service or privilege escalation by local users. CVE-2015-3245 Incomplete blacklist vulnerability i...

DLA-468-1 libuser - security update

Bulletin has no description...

VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)

The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Java Runtime Environment JRE - libuser - Netscape Portable Runtime NS...

SOL05770600 - Linux libuser vulnerability CVE-2015-3246

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

Mageia: Security Advisory (MGASA-2015-0278)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle: Security Advisory (ELSA-2015-1482)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle: Security Advisory (ELSA-2011-0170)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...