CVE-2015-3246
CVE-2015-3246
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencewww.exploit-db.com/exploits/44633/unverifiedexploitdbwww.exploit-db.com/exploits/37706unverifiedexploitdbwww.exploit-db.com/exploits/44633unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1482.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1483.htmlhttps://access.redhat.com/articles/1537873https://www.exploit-db.com/exploits/44633/https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txthttp://www.securityfocus.com/bid/76022http://www.securitytracker.com/id/1033040