How to fix libuser root privilege and DoS attack vulnerability

On 23rd July, Qualys reported an important root privilege escalation vulnerability (CVE-2015-3246) and a DoS attack vulnerability (CVE-2015-3245) affecting Linux servers that use RedHat’s libuser package. Here’s how you can protect your CentOS and RedHat servers from these vulnerabilities.

What is this vulnerability?

The userhelper utility and the libuser library in the RedHat code repository were found to have vulnerabilities that allow a local user to initiate a DoS attack or escalate their privileges to root. A proof of concept was released by Qualys, and CentOS and RedHat server administrators are advised to secure their systems ASAP to prevent an exploit.

How to fix it?

RedHat has already released a patch for the libuser package, but CentOS is yet to release an update (as of 14:00 hrs GMT 24th Jul).

Fix in RedHat 6.x and 7.x servers

Update the libuser package using the command below:

# yum update

or, to update only the libuser package:

# yum update libuser

Fix in CentOS servers

As an update is not yet available, you can secure your server by using the steps below:

Edit the files /etc/pam.d/chfn and /etc/pam.d/chsh

Add the pam_warn and pam_deny rules shown below, immediately after the line beginning with auth sufficient:

auth required pam_warn.so
auth required pam_deny.so
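
To confirm the workaround is in place on both files, the following check (an added example, not part of the original article or any RedHat tooling) verifies that the first auth sufficient rule is followed by pam_warn and then pam_deny. It assumes the modules are written as pam_warn.so and pam_deny.so with no path prefix.

```shell
#!/bin/sh
# Added example: audit the PAM workaround for chfn/chsh (not vendor code).
# Assumption: modules are named pam_warn.so / pam_deny.so without a path.

# check_pam_workaround FILE
#   0 = first "auth sufficient" rule is followed, within the auth stack, by
#       "auth required pam_warn.so" and then "auth required pam_deny.so"
#   1 = workaround missing or incomplete, 2 = FILE not readable
check_pam_workaround() {
    [ -r "$1" ] || return 2
    awk '
        $1 != "auth" { next }   # skips comments, blank lines and other stacks
        state == 0 { if ($2 == "sufficient") state = 1; next }
        state == 1 { if ($2 == "required" && $3 == "pam_warn.so") { state = 2; next } exit }
        state == 2 { if ($2 == "required" && $3 == "pam_deny.so") state = 3; exit }
        END { exit (state == 3 ? 0 : 1) }
    ' "$1"
}

# audit_pam_files FILE...
#   Prints one status line per file; returns 1 if any file is not confirmed.
audit_pam_files() {
    missing=0
    for f in "$@"; do
        if check_pam_workaround "$f"; then
            echo "OK       $f: pam_warn and pam_deny follow 'auth sufficient'"
        else
            case $? in
                2) echo "SKIPPED  $f: not readable" ;;
                *) echo "MISSING  $f: workaround absent or incomplete" ;;
            esac
            missing=1
        fi
    done
    return "$missing"
}

audit_pam_files /etc/pam.d/chfn /etc/pam.d/chsh || echo "Action needed: update libuser or apply the PAM workaround."
```

Run it as root so both files are readable; a MISSING line on a server that already has the patched libuser package only means the temporary workaround was never applied.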

We’ll update this article as and when RPM patches are available for CentOS.


Bobcares helps you keep your servers secure through periodic security hardening and by mitigating zero day vulnerabilities.


Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.