{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-19T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "76022", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76022"}, {"name": "FEDORA-2015-12301", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html"}, {"name": "44633", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44633/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/articles/1537873"}, {"name": "RHSA-2015:1482", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1482.html"}, {"name": "FEDORA-2015-12064", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html"}, {"name": "openSUSE-SU-2015:1332", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt"}, {"name": "1033040", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033040"}, {"name": "RHSA-2015:1483", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1483.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.107Z"}, "title": "CVE Program Container", "references": [{"name": "76022", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76022"}, {"name": "FEDORA-2015-12301", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html"}, {"name": "44633", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44633/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://access.redhat.com/articles/1537873"}, {"name": "RHSA-2015:1482", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1482.html"}, {"name": "FEDORA-2015-12064", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html"}, {"name": "openSUSE-SU-2015:1332", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt"}, {"name": "1033040", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033040"}, {"name": "RHSA-2015:1483", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1483.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3246", "datePublished": "2015-08-11T14:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.107Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libuser:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DE02055-ABFB-4A4A-81DF-C91E4371C5C4", "versionEndIncluding": "0.56.13-5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-1:*:*:*:*:*:*:*", "matchCriteriaId": "F65586F4-FA31-4F67-825E-1BDD1C904AE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-2:*:*:*:*:*:*:*", "matchCriteriaId": "E1C1A46C-08EC-4997-8BF2-ACE6E313F644", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-3:*:*:*:*:*:*:*", "matchCriteriaId": "6E93B3B2-A2D2-4BEB-BF4C-632A129B71CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-4:*:*:*:*:*:*:*", "matchCriteriaId": "0F3BE074-6A6C-46A2-B9CC-39BA0EFCC4EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-5:*:*:*:*:*:*:*", "matchCriteriaId": "DA7134C0-766F-47A8-ACFA-D457B801C534", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libuser:0.60-6:*:*:*:*:*:*:*", "matchCriteriaId": "7FE93709-708B-46A3-91A5-7AA9DC918CB9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges."}, {"lang": "es", "value": "Vulnerabilidad en libuser en versiones anteriores 0.56.13-8 y 0.60 en versiones anteriores a 0.60.7, tal como se utiliza en el programa userhelper en el paquete usermode, modifica directamente /etc/passwd, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (estado de archivo inconsistente) causando un error durante la modificaci\u00f3n. NOTA: este problema se puede combinar con CVE-2015-3245 para obtener privilegios."}], "id": "CVE-2015-3246", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-11T14:59:07.040", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1482.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1483.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/76022"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1033040"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/articles/1537873"}, {"source": "secalert@redhat.com", "url": "https://www.exploit-db.com/exploits/44633/"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1482.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1483.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/articles/1537873"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/44633/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.", "affected_release": [{"advisory": "RHSA-2015:1482", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libuser-0:0.56.13-8.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-07-23T00:00:00Z"}, {"advisory": "RHSA-2015:1483", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libuser-0:0.60-7.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-07-23T00:00:00Z"}], "bugzilla": {"description": "libuser: Security flaw in handling /etc/passwd file", "id": "1233052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233052"}, "csaw": true, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "status": "verified"}, "details": ["libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.", "A flaw was found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root."], "mitigation": {"lang": "en:us", "value": "Add pam_warn and pam_deny rules to /etc/pam.d/chfn and /etc/pam.d/chsh to prevent non-root users from using this functionality. With these edits, the files should contain:\nauth sufficient pam_rootok.so\nauth required pam_warn.so\nauth required pam_deny.so\nauth include system-auth\naccount include system-auth\npassword include system-auth\nsession include system-auth\nAfter these changes, attempts by unprivileged users to use chfn and chsh (and the respective functionality in the userhelper program) will fail, and will be logged (by default in /var/log/secure)."}, "name": "CVE-2015-3246", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libuser", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-07-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3246\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3246\nhttps://access.redhat.com/articles/1537873"], "statement": "This issue affects the versions of libuser as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This vulnerability has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Important"}