

libuser / userhelper security vulnerabilities
Published: 27.07.2015
Source:
SecurityVulns ID: 14609
Type: library
Threat Level: 5/10
Description: Unsafe file handling, insufficient character filtering.
CVE: CVE-2015-3246 (libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.)
CVE-2015-3245 (Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.)
Original document: Qualys Security Advisory, Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser (27.07.2015)
Files: an unusual local root exploit against CVE-2015-3245 userhelper chfn() newline filtering / CVE-2015-3246 libuser passwd file handling

© SecurityVulns, 3APA3A, Vladimir Dubrovin