Arch Linux: 201507-19 Critical Advisory for Libuser Privilege Escalation

Arch Linux Security Advisory ASA-201507-19
=========================================
Severity: Critical
Date    : 2015-07-24
CVE-ID  : CVE-2015-3245 CVE-2015-3246
Package : libuser
Type    : multiple issues
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package libuser before version 0.62-1 is vulnerable to privilege
escalation and denial of service.

Resolution
=========
Upgrade to 0.62-1.

# pacman -Syu "libuser>=0.62-1"

The problems have been fixed upstream in version 0.62.

Workaround
=========
None.

Description
==========
- CVE-2015-3245 (denial of service)

It was found that libuser, as used by the chfn userhelper functionality,
did not properly filter out newline characters in GECOS fields. A local,
authenticated user could use this flaw to corrupt the /etc/passwd file,
resulting in a denial-of-service on the system.

- CVE-2015-3246 (privilege escalation)

A flaw was found in the way the libuser library handled the /etc/passwd
file. A local attacker could use an application compiled against libuser
(for example, userhelper) to manipulate the /etc/passwd file, which
could result in a denial of service or possibly allow the attacker to
escalate their privileges to root.

Impact
=====
A local authenticated user is able to use an application compiled
against libuser to escalate privileges to root or perform a
denial-of-service attack on the system by corrupting the /etc/passwd file.

References
=========
https://seclists.org/oss-sec/2015/q3/185
https://access.redhat.com/security/cve/CVE-2015-3245
https://access.redhat.com/security/cve/CVE-2015-3246