CVSS: 5.5EPSS: 15%CPEs: 7EXPL: 5CVE-2015-3245 – Libuser Library - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3245
23 Jul 2015 — Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field. Vulnerabilidad de lista negra incompleta en la función chfn en libuser en versiones anteriores a 0.56.13-8 y 0.60 en versiones anteriores a 0.60-7, tal como se utiliza en el programa userhelp en el paquete usermode, permite a us... • https://packetstorm.news/files/id/147599 • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •
CVSS: 7.8EPSS: 21%CPEs: 7EXPL: 5CVE-2015-3246 – Libuser Library - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3246
23 Jul 2015 — libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. Vulnerabilidad en libuser en versiones anteriores 0.56.13-8 y 0.60 en versiones anteriores a 0.60.7, tal como se utiliza en el programa userhelper en el paquete usermode, modif... • https://packetstorm.news/files/id/147599 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 3%CPEs: 104EXPL: 1CVE-2011-0002 – libuser creates LDAP users with a default password
https://notcve.org/view.php?id=CVE-2011-0002
22 Jan 2011 — libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. libuser en versiones anteriores a la 0.57 usa la contraseña en texto claro (1) !! o (2) x para cuentas de usuario LDAP nuevas, lo que facilita a atacantes remotos obtener acceso especificando uno de estos valores. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 • CWE-310: Cryptographic Issues •