Home

CVE-2015-3245

Description

Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.

Risk Information

Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
11.161

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2015:1482) Important: libuser security update libuser-0.56.13-8.el6_7.i686.rpmLinux
(RHSA-2015:1482) Important: libuser security update libuser-0.56.13-8.el6_7.x86_64.rpmLinux
(RHSA-2015:1482) Important: libuser security update libuser-devel-0.56.13-8.el6_7.i686.rpmLinux
(RHSA-2015:1482) Important: libuser security update libuser-devel-0.56.13-8.el6_7.x86_64.rpmLinux
(RHSA-2015:1482) Important: libuser security update libuser-python-0.56.13-8.el6_7.i686.rpmLinux
(RHSA-2015:1482) Important: libuser security update libuser-python-0.56.13-8.el6_7.x86_64.rpmLinux
(CESA-2015:1482) Important: libuser security update libuser-0.56.13-8.el6_7.i686.rpmLinux
(CESA-2015:1482) Important: libuser security update libuser-devel-0.56.13-8.el6_7.i686.rpmLinux
(CESA-2015:1482) Important: libuser security update libuser-python-0.56.13-8.el6_7.i686.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234