Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-3246 — Libuser vulnerability

10 documents8 sources

Severity

7.2HIGHNVD

OSV2.1

EPSS

21.4%

top 4.28%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Libuser Debian Libuser Redhat Libuser

Timeline

PublishedAug 11

Latest updateMay 14

Description

libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/libuser< libuser 1:0.62~dfsg-0.1 (bookworm)

▶Debianlibuser/libuser< 1:0.62~dfsg-0.1+3

▶NVDredhat/libuser0.56.13-5+6

🔴Vulnerability Details

GHSA

GHSA-f52h-j689-x786: libuser before 0↗2022-05-14

▶

OSV

CVE-2015-3246: libuser before 0↗2015-08-11

▶

💥Exploits & PoCs

Exploit-DB

Libuser - 'roothelper' Local Privilege Escalation (Metasploit)↗2018-05-16

▶

Exploit-DB

Libuser Library - Multiple Vulnerabilities↗2015-07-27

▶

Metasploit

Libuser roothelper Privilege Escalation↗

▶

📋Vendor Advisories

Red Hat

libuser: Security flaw in handling /etc/passwd file↗2015-07-23

▶

Debian

CVE-2015-3246: libuser - libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper progr...↗2015

▶

💬Community

Bugzilla

CVE-2015-3245 CVE-2015-3246 libuser: various flaws [fedora-all]↗2015-07-23

▶

Bugzilla

CVE-2015-3246 libuser: Security flaw in handling /etc/passwd file↗2015-06-18

▶