[arch-security] [ASA-201507-19] libuser: multiple issues

Levente Polyak anthraxx at archlinux.org
Fri Jul 24 13:17:51 UTC 2015

Arch Linux Security Advisory ASA-201507-19

Severity: Critical
Date    : 2015-07-24
CVE-ID  : CVE-2015-3245 CVE-2015-3246
Package : libuser
Type    : multiple issues
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE


The package libuser before version 0.62-1 is vulnerable to privilege
escalation and denial of service.


Upgrade to 0.62-1.

# pacman -Syu "libuser>=0.62-1"

The problems have been fixed upstream in version 0.62.




- CVE-2015-3245 (denial of service)

It was found that libuser, as used by the chfn userhelper functionality,
did not properly filter out newline characters in GECOS fields. A local,
authenticated user could use this flaw to corrupt the /etc/passwd file,
resulting in a denial-of-service on the system.

- CVE-2015-3246 (privilege escalation)

A flaw was found in the way the libuser library handled the /etc/passwd
file. A local attacker could use an application compiled against libuser
(for example, userhelper) to manipulate the /etc/passwd file, which
could result in a denial of service or possibly allow the attacker to
escalate their privileges to root.


A local authenticated user is able to use an application compiled
against libuser to escalate privileges to root or perform a
denial-of-service attack on the system by corrupting the /etc/passwd file.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150724/0824cc0e/attachment.asc>

More information about the arch-security mailing list