Debian DLA-468-1 : libuser security update

High Nessus Plugin ID 91108

Synopsis

The remote Debian host is missing a security update.

Description

Two security vulnerabilities were discovered in libuser, a library that implements a standardized interface for manipulating and administering user and group accounts, that could lead to a denial of service or privilege escalation by local users.

CVE-2015-3245: Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.

CVE-2015-3246: libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.

In addition, the usermode package, which depends on libuser, was rebuilt against the updated version.

For Debian 7 'Wheezy', these problems have been fixed in:

libuser 1:0.56.9.dfsg.1-1.2+deb7u1

usermode 1.109-1+deb7u2

We recommend that you upgrade your libuser and usermode packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2016/05/msg00021.html

https://packages.debian.org/source/wheezy/libuser

Plugin Details

Severity: High

ID: 91108

File Name: debian_DLA-468.nasl

Version: 2.7

Type: local

Agent: unix

Published: 2016/05/13

Updated: 2018/07/06

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libuser, p-cpe:/a:debian:debian_linux:libuser1, p-cpe:/a:debian:debian_linux:libuser1-dev, p-cpe:/a:debian:debian_linux:python-libuser, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/05/12

Exploitable With

Core Impact

Metasploit (Libuser roothelper Privilege Escalation)

Reference Information

CVE: CVE-2015-3245, CVE-2015-3246

BID: 76021, 76022

IAVA: 2015-A-0179