Debian Libuser vulnerabilities

5 known vulnerabilities affecting debian/libuser.

Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM1LOW4

Vulnerabilities

Page 1 of 1
CVE-2015-3246LOWCVSS 2.1PoCfixed in libuser 1:0.62~dfsg-0.1 (bookworm)2015
CVE-2015-3246 [LOW] CVE-2015-3246: libuser - libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper progr... libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. Scope: local bookworm: resolved (fi
debian
CVE-2015-3245LOWCVSS 2.1PoCfixed in libuser 1:0.62~dfsg-0.1 (bookworm)2015
CVE-2015-3245 [LOW] CVE-2015-3245: libuser - Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.1... Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field. Scope: local bookworm: resolved (fixed in 1:0.62~dfsg-0.1) bullseye: resolved (fixed in
debian
CVE-2012-5644LOWCVSS 5.5fixed in libuser 1:0.60~dfsg-1 (bookworm)2012
CVE-2012-5644 [MEDIUM] CVE-2012-5644: libuser - libuser has information disclosure when moving user's home directory libuser has information disclosure when moving user's home directory Scope: local bookworm: resolved (fixed in 1:0.60~dfsg-1) bullseye: resolved (fixed in 1:0.60~dfsg-1) forky: resolved (fixed in 1:0.60~dfsg-1) sid: resolved (fixed in 1:0.60~dfsg-1) trixie: resolved (fixed in 1:0.60~dfsg-1)
debian
CVE-2012-5630LOWCVSS 6.3fixed in libuser 1:0.60~dfsg-1 (bookworm)2012
CVE-2012-5630 [MEDIUM] CVE-2012-5630: libuser - libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition wh... libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. Scope: local bookworm: resolved (fixed in 1:0.60~dfsg-1) bullseye: resolved (fixed in 1:0.60~dfsg-1) forky: resolved (fixed in 1:0.60~dfsg-1) sid: resolved (fixed in 1:0.60~dfsg-1) trixie: resolved (fixed in 1:0.60~dfsg-1)
debian
CVE-2011-0002MEDIUMCVSS 6.4fixed in libuser 1:0.56.9.dfsg.1-1.1 (bookworm)2011
CVE-2011-0002 [MEDIUM] CVE-2011-0002: libuser - libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new L... libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. Scope: local bookworm: resolved (fixed in 1:0.56.9.dfsg.1-1.1) bullseye: resolved (fixed in 1:0.56.9.dfsg.1-1.1) forky: resolved (fixed in 1:0.56.9.dfsg.1-1.1) sid: resolved
debian