Vulnerability Name:

CVE-2015-3246 (CCN-105023)

Assigned:2015-07-23
Published:2015-07-23
Updated:2018-05-20
Summary:libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification.
Note: this issue can be combined with CVE-2015-3245 to gain privileges.
CVSS v3 Severity:7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.2 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2015-3246

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-12064

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-12301

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1332

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1482

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1483

Source: CCN
Type: BugTraq Mailing List, Thu, 23 Jul 2015 10:28:11 -0700
Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser

Source: CCN
Type: IBM Security Bulletin T1022604
Vulnerabilities in libuser affect PowerKVM (CVE-2015-3245 and CVE-2015-3246)

Source: CCN
Type: IBM Security Bulletin N1020961
Vulnerabilities in libuser affect Power Hardware Management Console (CVE-2015-3245 CVE-2015-3246)

Source: CCN
Type: IBM Security Bulletin S1005336
libuser vulnerabilities affect IBM Storwize V7000 Unified (CVE-2015-3245 and CVE-2015-3246)

Source: CCN
Type: IBM Security Bulletin S1005337
libuser vulnerabilities affect IBM SONAS (CVE-2015-3245 and CVE-2015-3246)

Source: CCN
Type: IBM Security Bulletin 1964539
Vulnerabilities in libuser affect IBM Security Network Protection (CVE-2015-3245, CVE-2015-3246)

Source: CCN
Type: IBM Security Bulletin 1965746
Security vulnerabilities in libuser affect IBM Netezza Host Management (CVE-2015-3246 and CVE-2015-3245)

Source: CCN
Type: IBM Security Bulletin 1966274
Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Source: CCN
Type: IBM Security Bulletin 1966429
Vulnerabilities in Open Source libuser affect IBM Security Guardium (CVE-2015-3246, CVE-2015-3245)

Source: BID
Type: UNKNOWN
76022

Source: CCN
Type: BID-76022
libuser CVE-2015-3246 Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1033040

Source: CONFIRM
Type: UNKNOWN
https://access.redhat.com/articles/1537873

Source: XF
Type: UNKNOWN
libuser-cve20153246-priv-esc(105023)

Source: CCN
Type: fedora HOSTED Web site
libuser

Source: CCN
Type: Packet Storm Security [07-23-2015]
Qualys Security Advisory - userhelper / libuser

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-27-2015]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-16-2018]

Source: EXPLOIT-DB
Type: UNKNOWN
44633

Source: MISC
Type: Exploit
https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-3246

Vulnerable Configuration:Configuration 1:
  • cpe:/a:redhat:libuser:*:*:*:*:*:*:*:* (Version <= 0.56.13-5)
  • OR cpe:/a:redhat:libuser:0.60-1:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:libuser:0.60-2:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:libuser:0.60-3:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:libuser:0.60-4:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:libuser:0.60-5:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:libuser:0.60-6:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

    • Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:libuser_project:libuser:0.61:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:smartcloud_provisioning:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:security_network_protection_firmware:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:puredata_system:1.0.0:*:*:*:analytics:*:*:*
  • OR cpe:/o:ibm:security_network_protection_firmware:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_unified_software:1.5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20153246
    V
    		CVE-2015-3246
    2017-03-20
    oval:com.ubuntu.xenial:def:20153246000
    V
    		CVE-2015-3246 on Ubuntu 16.04 LTS (xenial) - medium.
    2015-08-11
    oval:com.ubuntu.xenial:def:201532460000000
    V
    		CVE-2015-3246 on Ubuntu 16.04 LTS (xenial) - medium.
    2015-08-11
    oval:com.ubuntu.cosmic:def:20153246000
    V
    		CVE-2015-3246 on Ubuntu 18.10 (cosmic) - medium.
    2015-08-11
    oval:com.ubuntu.disco:def:201532460000000
    V
    		CVE-2015-3246 on Ubuntu 19.04 (disco) - medium.
    2015-08-11
    oval:com.ubuntu.precise:def:20153246000
    V
    		CVE-2015-3246 on Ubuntu 12.04 LTS (precise) - medium.
    2015-08-11
    oval:com.ubuntu.cosmic:def:201532460000000
    V
    		CVE-2015-3246 on Ubuntu 18.10 (cosmic) - medium.
    2015-08-11
    oval:com.ubuntu.artful:def:20153246000
    V
    		CVE-2015-3246 on Ubuntu 17.10 (artful) - medium.
    2015-08-11
    oval:com.ubuntu.trusty:def:20153246000
    V
    		CVE-2015-3246 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-08-11
    oval:com.ubuntu.bionic:def:201532460000000
    V
    		CVE-2015-3246 on Ubuntu 18.04 LTS (bionic) - medium.
    2015-08-11
    oval:com.ubuntu.bionic:def:20153246000
    V
    		CVE-2015-3246 on Ubuntu 18.04 LTS (bionic) - medium.
    2015-08-11
    oval:com.redhat.rhsa:def:20151482
    P
    		RHSA-2015:1482: libuser security update (Important)
    2015-07-23
    oval:com.redhat.rhsa:def:20151483
    P
    		RHSA-2015:1483: libuser security update (Important)
    2015-07-23
    BACK
    redhat libuser *
    redhat libuser 0.60-1
    redhat libuser 0.60-2
    redhat libuser 0.60-3
    redhat libuser 0.60-4
    redhat libuser 0.60-5
    redhat libuser 0.60-6
    libuser_project libuser 0.61
    ibm smartcloud provisioning 2.1
    ibm smartcloud provisioning 2.1.0.1
    ibm security network protection firmware 5.3
    ibm puredata system 1.0.0
    ibm security network protection firmware 5.2.0
    ibm smartcloud provisioning 2.1.0.2
    ibm smartcloud provisioning 2.1.0.3
    ibm powerkvm 2.1
    ibm storwize v7000 unified software 1.5.2.1
    ibm security guardium 10