Unrated severityNVD Advisory· Published Aug 11, 2015· Updated May 6, 2026
CVE-2015-3245
CVE-2015-3245
Description
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
Affected products
7cpe:2.3:a:redhat:libuser:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:redhat:libuser:*:*:*:*:*:*:*:*range: <=0.56.13-5
- cpe:2.3:a:redhat:libuser:0.60-1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libuser:0.60-2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libuser:0.60-3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libuser:0.60-4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libuser:0.60-5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libuser:0.60-6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txtnvdExploit
- lists.fedoraproject.org/pipermail/package-announce/2015-August/163044.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-July/162947.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1482.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1483.htmlnvd
- www.securityfocus.com/bid/76021nvd
- www.securitytracker.com/id/1033040nvd
- access.redhat.com/articles/1537873nvd
- www.exploit-db.com/exploits/44633/nvd
News mentions
0No linked articles in our index yet.