libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libuser | Redhat | 0.60-3 | 0.60-3 |
Libuser | Redhat | * | 0.56.13-5 |
Libuser | Redhat | 0.60-1 | 0.60-1 |
Libuser | Redhat | 0.60-6 | 0.60-6 |
Libuser | Redhat | 0.60-2 | 0.60-2 |
Libuser | Redhat | 0.60-5 | 0.60-5 |
Libuser | Redhat | 0.60-4 | 0.60-4 |