CVE-2015-3246
EPSS 19.6%
Description
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
How to fix CVE-2015-3246
To remediate CVE-2015-3246, upgrade the affected package to a fixed version below.
- Debian/libuser—upgrade to 1:0.62~dfsg-0.1 or later
Is CVE-2015-3246 being exploited?
Moderate — EPSS is 19.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1:0.62~dfsg-0.1