Red Hat Security Blog: July 2015 archives
-
libuser vulnerabilities
Updated 2015-07-24 @ 12:33 UTC It was discovered that the libuser library contains two vulnerabilities which, in combination, allow unprivileged local users to gain root privileges. libuser is a library that provides read and write access to files like /etc/passwd, which constitute the system user and group database. On Red Hat Enterprise Linux it is a central system component. What is being disclosed today? Qualys reported two vulnerabilities: CVE-2015-3245: The userhelper program allows...