Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:48
Type | Values Removed | Values Added |
---|---|---|
Summary | Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field. | |
References |
|
02 Feb 2023, 20:20
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system. | |
References |
|
Information
Published : 2015-08-11 14:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-3245
Mitre link : CVE-2015-3245
CVE.ORG link : CVE-2015-3245
JSON object : View
Products Affected
redhat
- libuser
CWE
CWE-20
Improper Input Validation