{
  "threat_severity" : "Moderate",
  "public_date" : "2015-07-23T00:00:00Z",
  "bugzilla" : {
    "description" : "libuser: does not filter newline characters in the GECOS field",
    "id" : "1233043",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1233043"
  },
  "cvss" : {
    "cvss_base_score" : "1.7",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:S/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-138",
  "details" : [ "Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.", "It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system." ],
  "statement" : "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This vulnerability has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "acknowledgement" : "Red Hat would like to thank Qualys for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-23T00:00:00Z",
    "advisory" : "RHSA-2015:1482",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "libuser-0:0.56.13-8.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-23T00:00:00Z",
    "advisory" : "RHSA-2015:1483",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libuser-0:0.60-7.ael7b_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "libuser",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-3245\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3245\nhttps://access.redhat.com/articles/1537873" ],
  "name" : "CVE-2015-3245",
  "mitigation" : {
    "value" : "Add pam_warn and pam_deny rules to /etc/pam.d/chfn and /etc/pam.d/chsh to prevent non-root users from using this functionality.  With these edits, the files should contain:\n#%PAM-1.0\nauth       sufficient   pam_rootok.so\nauth required pam_warn.so\nauth required pam_deny.so\nauth       include      system-auth\naccount    include      system-auth\npassword   include      system-auth\nsession    include      system-auth\nAfterwards, attempts by unprivileged users to use chfn and chsh (and the respective functionality in the userhelper program) will fail, and will be logged (by default in /var/log/secure).",
    "lang" : "en:us"
  },
  "csaw" : false
}