Libuser
by Libuser
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3246 | | | 0.05 | — | 0.20 | | Aug 11, 2015 | libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this… |
| CVE-2015-3245 | | | 0.04 | — | 0.10 | | Aug 11, 2015 | Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS… |
| CVE-2012-5644 | | | 0.00 | — | 0.00 | | Nov 25, 2019 | libuser has information disclosure when moving user's home directory |
| CVE-2012-5630 | | | 0.00 | — | 0.00 | | Nov 25, 2019 | libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. |
| CVE-2011-0002 | | | 0.00 | — | 0.02 | | Jan 22, 2011 | libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. |
| CVE-2004-2392 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs. |