It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | libuser | 2015-07-23 10:50 | ALAS-2015-572 |
Amazon Linux 1 | usermode | 2015-07-23 10:50 | ALAS-2015-572 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 1.7 | AV:L/AC:L/Au:S/C:N/I:N/A:P |
NVD | CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:N/I:N/A:P |