CVE-2015-3246

EPSS 21.4%

Published: 8/11/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3246

Description

libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.

Affected packages (1)

Debian/libuserfrom 0, < 1:0.62~dfsg-0.1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3246