F5 Networks BIG-IP : Linux libuser vulnerability (SOL05770600)
High Nessus Plugin ID 91327
SynopsisThe remote device is missing a vendor-supplied security patch.
Descriptionlibuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification.
NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution SOL05770600.