CVE-2015-3246

libuser <0.56.13-8 & 0.60 <0.60-7 - DoS

Description

libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby, local, linux
https://www.exploit-db.com/exploits/44633

exploitdb · WRITEUP · VERIFIED
by Qualys Corporation · text, dos, linux
https://www.exploit-db.com/exploits/37706

metasploit · WORKING POC · GREAT
by Qualys, bcoles · ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/libuser_roothelper_priv_esc.rb

Scores

EPSS 0.2142
EPSS Percentile 95.7%

Details

CWE CWE-264
Status published
Products (7)
redhat/libuser 0.60-1
redhat/libuser 0.60-2
redhat/libuser 0.60-3
redhat/libuser 0.60-4
redhat/libuser 0.60-5
redhat/libuser 0.60-6
redhat/libuser < 0.56.13-5
Published Aug 11, 2015
Tracked Since Feb 18, 2026