2 matches found
CVE-2015-3245
CVE-2015-3245/3246 describe a local privilege escalation in libuser (and the userhelper/uusermode stack) on Red Hat-based systems. The root cause is an improper input validation: the Chfn function in libuser (before 0.56.13-8 and 0.60 before 0.60-7) and the related path in userhelper allow newlin...
CVE-2015-3246
Libuser in the userhelper path is affected by two local vulnerabilities (CVE-2015-3245 and CVE-2015-3246) prior to 0.56.13-8 and 0.60 before 0.60-7. CVE-2015-3245 is an incomplete blacklist vulnerability in chfn that can overflow the GECOS field; CVE-2015-3246 directly modifies /etc/passwd, causi...