{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-19T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2015-12301", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html"}, {"name": "44633", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44633/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/articles/1537873"}, {"name": "RHSA-2015:1482", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1482.html"}, {"name": "FEDORA-2015-12064", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt"}, {"name": "1033040", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033040"}, {"name": "76021", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76021"}, {"name": "RHSA-2015:1483", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1483.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.007Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2015-12301", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html"}, {"name": "44633", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44633/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://access.redhat.com/articles/1537873"}, {"name": "RHSA-2015:1482", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1482.html"}, {"name": "FEDORA-2015-12064", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt"}, {"name": "1033040", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033040"}, {"name": "76021", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76021"}, {"name": "RHSA-2015:1483", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1483.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3245", "datePublished": "2015-08-11T14:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.007Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libuser:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DE02055-ABFB-4A4A-81DF-C91E4371C5C4", "versionEndIncluding": "0.56.13-5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-1:*:*:*:*:*:*:*", "matchCriteriaId": "F65586F4-FA31-4F67-825E-1BDD1C904AE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-2:*:*:*:*:*:*:*", "matchCriteriaId": "E1C1A46C-08EC-4997-8BF2-ACE6E313F644", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-3:*:*:*:*:*:*:*", "matchCriteriaId": "6E93B3B2-A2D2-4BEB-BF4C-632A129B71CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-4:*:*:*:*:*:*:*", "matchCriteriaId": "0F3BE074-6A6C-46A2-B9CC-39BA0EFCC4EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-5:*:*:*:*:*:*:*", "matchCriteriaId": "DA7134C0-766F-47A8-ACFA-D457B801C534", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-6:*:*:*:*:*:*:*", "matchCriteriaId": "7FE93709-708B-46A3-91A5-7AA9DC918CB9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field."}, {"lang": "es", "value": "Vulnerabilidad de lista negra incompleta en la funci\u00f3n chfn en libuser en versiones anteriores a 0.56.13-8 y 0.60 en versiones anteriores a 0.60-7, tal como se utiliza en el programa userhelp en el paquete usermode, permite a usuarios locales provocar una denegaci\u00f3n de servicio (/etc/passwd corruption) a trav\u00e9s de un caracter de nueva l\u00ednea en el campo GECOS."}], "id": "CVE-2015-3245", "lastModified": "2023-02-13T00:48:56.483", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-11T14:59:05.570", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1482.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1483.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/76021"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1033040"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/articles/1537873"}, {"source": "secalert@redhat.com", "url": "https://www.exploit-db.com/exploits/44633/"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.", "affected_release": [{"advisory": "RHSA-2015:1482", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libuser-0:0.56.13-8.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-07-23T00:00:00Z"}, {"advisory": "RHSA-2015:1483", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libuser-0:0.60-7.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-07-23T00:00:00Z"}], "bugzilla": {"description": "libuser: does not filter newline characters in the GECOS field", "id": "1233043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233043"}, "csaw": false, "cvss": {"cvss_base_score": "1.7", "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-138", "details": ["Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.", "It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system."], "mitigation": {"lang": "en:us", "value": "Add pam_warn and pam_deny rules to /etc/pam.d/chfn and /etc/pam.d/chsh to prevent non-root users from using this functionality. With these edits, the files should contain:\n#%PAM-1.0\nauth sufficient pam_rootok.so\nauth required pam_warn.so\nauth required pam_deny.so\nauth include system-auth\naccount include system-auth\npassword include system-auth\nsession include system-auth\nAfterwards, attempts by unprivileged users to use chfn and chsh (and the respective functionality in the userhelper program) will fail, and will be logged (by default in /var/log/secure)."}, "name": "CVE-2015-3245", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libuser", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-07-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3245\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3245\nhttps://access.redhat.com/articles/1537873"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This vulnerability has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}