Upstream information
Description
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 7.2 |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
SUSE Security Advisories:
- openSUSE-SU-2015:1332-1, published Fri Dec 8 15:48:33 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Liberty Linux 7 |
| Patchnames: RHSA-2015:1483 |
SUSE Timeline for this CVE
CVE page created: Thu Jul 9 15:22:32 2015CVE page last modified: Mon Oct 6 18:22:40 2025