Incomplete blacklist vulnerability in the chfn function in libuser before
0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the
usermode package, allows local users to cause a denial of service
(/etc/passwd corruption) via a newline character in the GECOS field.