QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3245

Published: Aug 11, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2015-12301

vendor-advisory

x_refsource_FEDORA

exploit

x_refsource_EXPLOIT-DB

https://access.redhat.com/articles/1537873

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

FEDORA-2015-12064

vendor-advisory

x_refsource_FEDORA

https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.