libuser up to 0.56.13-7/0.60-6 userhelper /etc/passwd access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.2 | $0-$5k | 0.64 |
Summary
A vulnerability, which was classified as problematic, was found in libuser up to 0.56.13-7/0.60-6. This issue affects some unknown processing of the file /etc/passwd of the component userhelper. Executing a manipulation can lead to access control. This vulnerability is registered as CVE-2015-3246. Furthermore, an exploit is available. You should upgrade the affected component.
Details
A vulnerability classified as problematic was found in libuser up to 0.56.13-7/0.60-6. This vulnerability affects some unknown functionality of the file /etc/passwd of the component userhelper. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect availability. CVE summarizes:
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
The weakness was published 08/11/2015 with Qualys (Website). The advisory is shared for download at qualys.com. This vulnerability was named CVE-2015-3246 since 04/10/2015. The attack needs to be approached locally. A single authentication is required for exploitation. Technical details and also a public exploit are known. The MITRE ATT&CK project declares the attack technique as T1068.
A public exploit has been developed by Metasploit and been published 4 years after the advisory. It is possible to download the exploit at exploit-db.com. It is declared as highly functional. The vulnerability scanner Nessus provides a plugin with the ID 84988 (CentOS 7 : libuser (CESA-2015:1483)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CentOS Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 350130 (Amazon Linux Security Advisory for usermode,libuser: ALAS-2015-572).
Upgrading to version 0.56.13-8 or 0.60-7 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Exploit-DB (44633), Tenable (84988), SecurityFocus (BID 76022†) and Vulnerability Center (SBV-56405†). Similar entry is available at VDB-76959. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.3VulDB Meta Temp Score: 3.2
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Highly functional
Author: Metasploit
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 84988
Nessus Name: CentOS 7 : libuser (CESA-2015:1483)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 14611
OpenVAS Name: Amazon Linux Local Check: ALAS-2015-572
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: libuser_roothelper_priv_esc.rb
MetaSploit Name: Libuser roothelper Privilege Escalation
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Upgrade: libuser 0.56.13-8/0.60-7
Timeline
04/10/2015 🔍07/23/2015 🔍
07/23/2015 🔍
07/24/2015 🔍
07/27/2015 🔍
08/11/2015 🔍
08/11/2015 🔍
08/12/2015 🔍
02/03/2016 🔍
05/16/2018 🔍
05/16/2018 🔍
06/25/2024 🔍
Sources
Advisory: RHSA-2015:1483Organization: Qualys
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2015-3246 (🔍)
GCVE (CVE): GCVE-0-2015-3246
GCVE (VulDB): GCVE-100-76960
SecurityFocus: 76022 - libuser CVE-2015-3246 Local Privilege Escalation Vulnerability
SecurityTracker: 1033040
Vulnerability Center: 56405 - F5 Multiple Big-IP and Big-IQ Products Local DoS and Privilege Escalation due to an Issue in libuser, High
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 08/12/2015 10:23Updated: 06/25/2024 06:10
Changes: 08/12/2015 10:23 (60), 07/23/2018 07:51 (26), 06/07/2022 14:25 (4), 06/07/2022 14:29 (1), 06/25/2024 06:10 (15)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.