ALAS-2015-572 --- usermode libuserID: oval:org.secpod.oval:def:1200030 | Date: (C)2015-12-30 (M)2023-07-28 |
Class: PATCH | Family: unix |
It was found that libuser, as used in the chfn userhelper functionality, does not properly filter out newline characters, which allows an authenticated local attacker to corrupt the /etc/passwd file and cause denial-of-service against the system. A flaw was found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root
Platform: |
Amazon Linux AMI |