libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libuser: TOCTOU race conditions by copying and removing directory trees (CVE-2012-5630)

  - libuser: Security flaw in handling /etc/passwd file (CVE-2015-3246)

  - libuser has information disclosure when moving user's home directory (CVE-2012-5644)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libuser packages installed that are affected by multiple vulnerabilities:

  - libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode     package, directly modifies /etc/passwd, which allows local users to cause a denial of service     (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined     with CVE-2015-3245 to gain privileges. (CVE-2015-3246)

  - Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before     0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of     service (/etc/passwd corruption) via a newline character in the GECOS field. (CVE-2015-3245)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification.
NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.

Two security vulnerabilities were discovered in libuser, a library that implements a standardized interface for manipulating and administering user and group accounts, that could lead to a denial of service or privilege escalation by local users.

CVE-2015-3245 Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.

CVE-2015-3246 libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification.
NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.

In addition the usermode package, which depends on libuser, was rebuilt against the updated version.

For Debian 7 'Wheezy', these problems have been fixed in

libuser 1:0.56.9.dfsg.1-1.2+deb7u1 usermode 1.109-1+deb7u2

We recommend that you upgrade your libuser and usermode packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
(CVE-2015-3245, CVE-2015-3246)

libuser was updated to fix on security issue.

The following vulnerability was fixed :

  - CVE-2015-3246: local root exploit through passwd file     handling (boo#937533)

Security fix for CVE-2015-3245, CVE-2015-3246

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote OracleVM system is missing necessary patches to address critical security updates :

  - Update CVE-2015-3246 patch based on review comments     Resolves: #1235518

  - Don&rsquo t use 512-bit RSA private keys in tests     Related: #1235518

  - Fix testsuite failures if more than one architecture is     building concurrently Related: #1235518

  - Fix (CVE-2015-3246) Resolves: #1235518

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1482 advisory.

    - Update CVE-2015-3246 patch based on review comments       Resolves: #1235518

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Updated libuser packages that fix two security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages.

Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
(CVE-2015-3245, CVE-2015-3246)

Red Hat would like to thank Qualys for reporting these issues.

All libuser users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Updated libuser packages that fix two security issues are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages.

Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
(CVE-2015-3245, CVE-2015-3246)

Red Hat would like to thank Qualys for reporting these issues.

All libuser users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1483 advisory.

    - Update CVE-2015-3246 patch based on review comments       Resolves: #1235519

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It was found that libuser, as used in the chfn userhelper functionality, does not properly filter out newline characters, which allows an authenticated local attacker to corrupt the /etc/passwd file and cause denial-of-service against the system. (CVE-2015-3245)

A flaw was found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
(CVE-2015-3246)

ID	Name	Product	Family	Severity
199339	RHEL 5 : libuser (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	medium
147366	NewStart CGSL CORE 5.04 / MAIN 5.04 : libuser Multiple Vulnerabilities (NS-SA-2021-0044)	Nessus	NewStart CGSL Local Security Checks	medium
91327	F5 Networks BIG-IP : Linux libuser vulnerability (SOL05770600)	Nessus	F5 Networks Local Security Checks	high
91108	Debian DLA-468-1 : libuser security update	Nessus	Debian Local Security Checks	high
85210	Scientific Linux Security Update : libuser on SL6.x i386/x86_64 (20150723)	Nessus	Scientific Linux Local Security Checks	high
85186	openSUSE Security Update : libuser (openSUSE-2015-529)	Nessus	SuSE Local Security Checks	high
85167	Fedora 21 : libuser-0.62-1.fc21 (2015-12064)	Nessus	Fedora Local Security Checks	high
85147	OracleVM 3.3 : libuser (OVMSA-2015-0106)	Nessus	OracleVM Local Security Checks	high
85134	Fedora 22 : libuser-0.62-1.fc22 (2015-12301)	Nessus	Fedora Local Security Checks	high
85115	Oracle Linux 6 : libuser (ELSA-2015-1482)	Nessus	Oracle Linux Local Security Checks	medium
85029	CentOS 6 : libuser (CESA-2015:1482)	Nessus	CentOS Local Security Checks	high
85004	Scientific Linux Security Update : libuser on SL7.x x86_64 (20150723)	Nessus	Scientific Linux Local Security Checks	high
84988	CentOS 7 : libuser (CESA-2015:1483)	Nessus	CentOS Local Security Checks	high
84977	RHEL 7 : libuser (RHSA-2015:1483)	Nessus	Red Hat Local Security Checks	high
84976	RHEL 6 : libuser (RHSA-2015:1482)	Nessus	Red Hat Local Security Checks	high
84975	Oracle Linux 7 : libuser (ELSA-2015-1483)	Nessus	Oracle Linux Local Security Checks	medium
84964	Amazon Linux AMI : usermode / libuser (ALAS-2015-572)	Nessus	Amazon Linux Local Security Checks	high

Detections

Analytics

CVE-2015-3246

high

Tenable Plugins

medium

medium

high

high

high

high

high

high

high

medium

high

high

high

high

high

medium

high