{
  "threat_severity" : "Important",
  "public_date" : "2015-07-23T00:00:00Z",
  "bugzilla" : {
    "description" : "libuser: Security flaw in handling /etc/passwd file",
    "id" : "1233052",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1233052"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "details" : [ "libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.", "A flaw was found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root." ],
  "statement" : "This issue affects the versions of libuser as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This vulnerability has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "acknowledgement" : "Red Hat would like to thank Qualys for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-23T00:00:00Z",
    "advisory" : "RHSA-2015:1482",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "libuser-0:0.56.13-8.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-07-23T00:00:00Z",
    "advisory" : "RHSA-2015:1483",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libuser-0:0.60-7.ael7b_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "libuser",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-3246\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3246\nhttps://access.redhat.com/articles/1537873" ],
  "csaw" : true,
  "name" : "CVE-2015-3246",
  "mitigation" : {
    "value" : "Add pam_warn and pam_deny rules to /etc/pam.d/chfn and /etc/pam.d/chsh to prevent non-root users from using this functionality.  With these edits, the files should contain:\nauth       sufficient   pam_rootok.so\nauth required pam_warn.so\nauth required pam_deny.so\nauth       include      system-auth\naccount    include      system-auth\npassword   include      system-auth\nsession    include      system-auth\nAfter these changes, attempts by unprivileged users to use chfn and chsh (and the respective functionality in the userhelper program) will fail, and will be logged (by default in /var/log/secure).",
    "lang" : "en:us"
  }
}