All the vulnerabilities related to fedoraproject - sssd
Vulnerability from fkie_nvd
Published
2010-08-30 20:00
Modified
2024-11-21 01:17
Summary
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
Impacted products
Vendor Product Version
fedoraproject sssd 1.3.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAEE5B2-54DA-4FB5-AD57-D00CAF17EE35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n auth_send de providers/ldap/ldap_auth.c de System Security Services Daemon (SSSD) v1.3.0, si la autenticaci\u00f3n LDAP y vinculaciones (bind) an\u00f3nimas est\u00e1n activadas, permite a atacantes remotos evitar los requisitos de autenticaci\u00f3n de pam_authenticate a trav\u00e9s de una contrase\u00f1a vac\u00eda."
    }
  ],
  "id": "CVE-2010-2940",
  "lastModified": "2024-11-21T01:17:41.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-08-30T20:00:02.390",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41159"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625189"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61399"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-01-25 01:00
Modified
2024-11-21 01:20
Summary
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
References
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html Patch
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html Patch
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
secalert@redhat.com http://secunia.com/advisories/43053 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/43055 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/43068
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2011-0560.html
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2011-0975.html
secalert@redhat.com http://www.securityfocus.com/bid/45961
secalert@redhat.com http://www.vupen.com/english/advisories/2011/0197 Vendor Advisory
secalert@redhat.com http://www.vupen.com/english/advisories/2011/0212
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=661163 Patch
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/64881
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html Patch
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html Patch
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/43053 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/43055 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/43068
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2011-0560.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2011-0975.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/45961
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2011/0197 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2011/0212
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=661163 Patch
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/64881
Impacted products
Vendor Product Version
fedorahosted sssd 1.4.0
fedorahosted sssd 1.4.1
fedoraproject sssd 1.3.0
fedoraproject sssd 1.5.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedorahosted:sssd:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B685E760-22B4-4064-B825-750C6B309420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedorahosted:sssd:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5885BF9D-969A-4FEF-A8F5-8004644B551B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAEE5B2-54DA-4FB5-AD57-D00CAF17EE35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38007C8-061C-4D6D-BC6B-83475E165A3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n pam_parse_in_data_v2 en src/responder/pam/pamsrv_cmd.c en el PAM responder en SSSD v.1.5.0, v.1.4.x, y v.1.3 permite a usuarios locales provocar una  denegaci\u00f3n de servicio (bucle infinito, ca\u00edda, y prevenci\u00f3n de login) a trav\u00e9s de paquetes manipulados."
    }
  ],
  "id": "CVE-2010-4341",
  "lastModified": "2024-11-21T01:20:44.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-01-25T01:00:01.737",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43053"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43055"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0560.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0975.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/45961"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0197"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661163"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0560.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0975.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64881"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-27 16:29
Modified
2024-11-21 03:08
Summary
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C01FF2-083A-462F-AAC5-37C36BC966FF",
              "versionEndExcluding": "1.16.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was found that sssd\u0027s sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado que la funci\u00f3n sysdb_search_user_by_upn_res() de sssd en versiones anteriores a la 1.16.0 no saneaba las peticiones al consultar su cach\u00e9 local y era vulnerable a inyecciones. En un entorno de inicio de sesi\u00f3n centralizado, si un hash de contrase\u00f1a se almacenaba en la cach\u00e9 local de un usuario determinado, un atacante autenticado pod\u00eda utilizar este error para recuperarlo."
    }
  ],
  "id": "CVE-2017-12173",
  "lastModified": "2024-11-21T03:08:59.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-27T16:29:00.257",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3379"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1877"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-26 21:15
Modified
2024-11-21 01:40
Summary
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
Impacted products
Vendor Product Version
fedoraproject sssd 1.9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "288395D1-C084-48F5-B266-24CF02151F1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in SSSD version 1.9.0. The SSSD\u0027s access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user\u0027s SELinux user context."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en SSSD versi\u00f3n 1.9.0. La l\u00f3gica del proveedor de acceso de SSSD causa que el resultado del procesamiento de la regla HBAC sea ignorado en la situaci\u00f3n en  que el proveedor de acceso tambi\u00e9n est\u00e9 manejando la configuraci\u00f3n del contexto de usuario SELinux del usuario."
    }
  ],
  "id": "CVE-2012-3462",
  "lastModified": "2024-11-21T01:40:55.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-26T21:15:10.993",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2012-3462"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://pagure.io/SSSD/sssd/issue/1470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2012-3462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://pagure.io/SSSD/sssd/issue/1470"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-12-23 21:15
Modified
2024-11-21 06:22
Summary
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE9C314-FAD9-476A-899B-59ECA2F999F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en SSSD, donde el comando sssctl era vulnerable a la inyecci\u00f3n de comandos de shell por medio de los subcomandos logs-fetch y cache-expire. Este fallo permite a un atacante enga\u00f1ar al usuario root para que ejecute un comando sssctl especialmente dise\u00f1ado, por ejemplo por medio de sudo, para conseguir acceso de root. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, la integridad y la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2021-3621",
  "lastModified": "2024-11-21T06:22:00.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-23T21:15:08.920",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975142"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://sssd.io/release-notes/sssd-2.6.0.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://sssd.io/release-notes/sssd-2.6.0.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-24 19:55
Modified
2024-11-21 01:47
Severity ?
Summary
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
References
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-0508.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-1319.html
secalert@redhat.com http://secunia.com/advisories/51928 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/52315 Vendor Advisory
secalert@redhat.com http://www.securityfocus.com/bid/57539
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=884254
secalert@redhat.com https://fedorahosted.org/sssd/ticket/1782
secalert@redhat.com https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0508.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-1319.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/51928 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/52315 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/57539
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=884254
af854a3a-2127-422b-91ae-364da2661108 https://fedorahosted.org/sssd/ticket/1782
af854a3a-2127-422b-91ae-364da2661108 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4
Impacted products
Vendor Product Version
fedoraproject sssd *
fedoraproject sssd 0.2.1
fedoraproject sssd 0.3.0
fedoraproject sssd 0.3.1
fedoraproject sssd 0.3.2
fedoraproject sssd 0.3.3
fedoraproject sssd 0.4.0
fedoraproject sssd 0.4.1
fedoraproject sssd 0.5.0
fedoraproject sssd 0.6.0
fedoraproject sssd 0.6.1
fedoraproject sssd 0.7.0
fedoraproject sssd 0.7.1
fedoraproject sssd 0.99.0
fedoraproject sssd 0.99.1
fedoraproject sssd 1.0.0
fedoraproject sssd 1.0.1
fedoraproject sssd 1.0.2
fedoraproject sssd 1.0.3
fedoraproject sssd 1.0.4
fedoraproject sssd 1.0.5
fedoraproject sssd 1.0.6
fedoraproject sssd 1.0.99
fedoraproject sssd 1.1.0
fedoraproject sssd 1.1.1
fedoraproject sssd 1.1.2
fedoraproject sssd 1.1.91
fedoraproject sssd 1.1.92
fedoraproject sssd 1.2.0
fedoraproject sssd 1.2.1
fedoraproject sssd 1.2.2
fedoraproject sssd 1.2.3
fedoraproject sssd 1.2.4
fedoraproject sssd 1.2.91
fedoraproject sssd 1.3.0
fedoraproject sssd 1.3.1
fedoraproject sssd 1.4.0
fedoraproject sssd 1.4.1
fedoraproject sssd 1.5.0
fedoraproject sssd 1.5.1
fedoraproject sssd 1.5.2
fedoraproject sssd 1.5.3
fedoraproject sssd 1.5.4
fedoraproject sssd 1.5.5
fedoraproject sssd 1.5.6
fedoraproject sssd 1.5.6.1
fedoraproject sssd 1.5.7
fedoraproject sssd 1.5.8
fedoraproject sssd 1.5.9
fedoraproject sssd 1.5.10
fedoraproject sssd 1.5.11
fedoraproject sssd 1.5.12
fedoraproject sssd 1.5.13
fedoraproject sssd 1.5.14
fedoraproject sssd 1.5.15
fedoraproject sssd 1.5.16
fedoraproject sssd 1.5.17
fedoraproject sssd 1.6.0
fedoraproject sssd 1.6.1
fedoraproject sssd 1.6.2
fedoraproject sssd 1.6.3
fedoraproject sssd 1.6.4
fedoraproject sssd 1.7.0
fedoraproject sssd 1.8.0
fedoraproject sssd 1.8.0 beta1
fedoraproject sssd 1.8.0 beta2
fedoraproject sssd 1.8.0 beta3
fedoraproject sssd 1.8.1
fedoraproject sssd 1.8.2
fedoraproject sssd 1.8.3
fedoraproject sssd 1.8.4
fedoraproject sssd 1.8.5
fedoraproject sssd 1.8.6
fedoraproject sssd 1.9.0
fedoraproject sssd 1.9.1
fedoraproject sssd 1.9.2
redhat enterprise_linux 5
redhat enterprise_linux 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71D26FCE-B49C-440F-9BDD-545346B34F03",
              "versionEndIncluding": "1.9.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "516466B9-5183-4F5B-A64E-836B365AC015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE12795-5A6C-4EF6-86E1-A04FFEF853B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC55E33-CF2F-4749-8CAE-510A35697B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37B00AF-51D5-4FBC-8335-23FB49A2BE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2D3AAE-5B5B-4737-B24C-873B1B28DDF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55E385B-87E0-4088-878F-0466BF05FC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E85F048-BEB3-4D35-954E-E4FFF2B7A9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E070E-DB2B-4AFB-9E80-1061D51E572D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6B15E7-C558-4B8C-9F25-B6B0F7D4DAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4135B52-D2B0-4B38-AB94-294EDCF65C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA1CC29-EDF9-41F7-9EDC-79B7F7DAF232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E096D40-0543-423E-B3DD-21EEFA1760FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.99.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D519F093-C7E2-4F98-B64E-457B41FC52F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.99.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F978466E-8AEA-4FA8-AD0F-2798CD5EEF03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A301168-1345-4FE9-9E0E-8AADD698C59A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C082CF-28D6-40EE-B7F4-C91B84596731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ECB1E88-66A4-49DD-837D-9B3ACE435E4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "45EE589F-FC9B-4C54-A1DD-2843B24BB3D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD38D75C-996F-4C16-A781-976E26825894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0183AE7C-E9E6-43D4-BBD8-1746C6FF6A94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F27CA10-EDB9-4490-B99F-686D355CDC4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "BADE09B6-1BC9-4332-B7D6-0D50A5A69E59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08A8BE5-381D-4A4F-9D54-6231B17793B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C9BCBA-8A11-49CA-A019-16F78A65F369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18B12A-82C6-4F97-B9B1-AA1390EFB129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "64127A7C-A984-4BD5-B3E6-3976AFAE07B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A5A326-2387-468B-BDF5-ACD2D104F6D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D347DF6E-C425-444B-A25D-7958D7B4EAC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3DC738E-A68E-4ED9-8A5F-0888A4B6180B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40B3E3B-E803-44B3-99E8-DD6A08F018B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F5EDBE-2D5F-4878-B7D8-4F9A6872DBA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "062BBB63-39E9-41F6-BF9F-141FA8033E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD371750-E79F-432F-81DF-397A0F200E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAEE5B2-54DA-4FB5-AD57-D00CAF17EE35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEABA055-C1EF-4E8D-88DC-FB542D6F91C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "313BCCE7-6B8C-47DD-BB54-7B390D131BB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9507DCBF-45C9-43BF-8E89-9C480EBC4F09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38007C8-061C-4D6D-BC6B-83475E165A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F39928-292C-4B1E-849F-4CB7534558B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19ACB702-62F5-4614-9CB9-AC07CCEBB399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0524C067-9992-40F1-BC7A-EE382251151B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "74298682-9BFF-4F81-B387-BA0B036619E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC55E83E-AAA5-4228-8283-57EBFCE1EEE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB0D128-F08B-41C1-B8A1-3FD7845B3F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30FC0A62-9332-46F8-8415-50742BBDFC88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C0E2D4D-7C14-45E8-9E6D-BE7357AD1FA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFA871AC-FD8D-4F1E-9F84-B35E08568E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1FF7F0-6E19-4FB4-9E90-8188C1841C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7065AF03-99E9-4DE2-B58D-CBB15D5FCCE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F918F06-9860-4959-98C7-9E922A92424E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D2B8A8-9F5C-4970-BD6D-FEB6E4E9D419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3021B870-7141-442E-9ABC-CD0538374CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D2C6D84-CD12-4201-BCCB-2613865734E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903EC2A-630A-4CE0-A4BE-2128A1A449B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE291086-6188-48A2-9A71-317AE4150263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F39C4381-3F9C-4A18-BAA0-6768E2227096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA72408F-B759-4238-ADBE-5896EB8D9359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA8D7C7-BA09-432B-9956-3EAFEB56B039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C841BCE7-ACFA-48FC-9916-6743D53121BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "82059BE6-E075-42B3-A29E-AE88BBE1BE32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCDCCFAB-5293-43F9-AD9F-4FB06E58FC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B55D998-4648-42C4-BC90-8D2D3DF92805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "082EECD4-0BA0-4467-9EEB-847A34A04906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "97360F6C-BA99-4A58-94E1-FBDAEF4DF040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "35CF5A7B-CB64-41E5-9B14-DE396F321A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "44525CA2-BB2C-41F4-93A0-F0CF336C3011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79971450-4FA4-4A0B-9761-F6C261D98C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6667AA-89D8-4EB2-ACED-9D37882D528D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "348E8F83-EA66-4F90-A340-6925F1A29E50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6FADD7-F0CF-4F78-8126-DDAFB098D943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "602BA6C0-A0B1-4573-92EB-FFB35E40ED2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFCFE36E-24BE-4092-B535-2EB8612E5EFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "288395D1-C084-48F5-B266-24CF02151F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB813D7A-8048-4C24-BAED-D85999710F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF7C04C5-0777-4ED5-A40B-81FCF625ECCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user\u0027s files."
    },
    {
      "lang": "es",
      "value": "System Security Services Daemon (SSSD) anterior a v1.9.4, cuando (1) se crea, (2) copia, o (3) elimina el directorio home de usuario, permite a usuarios locales crear, modificar o eliminar ficheros arbitrarios mediante un ataque de enlace simb\u00f3licos sobre otros ficheros del usuario."
    }
  ],
  "evaluatorComment": "Per https://access.redhat.com/security/cve/CVE-2013-0219\r\n\r\nThis issue affects the version of sssd shipped with Red Hat Enterprise Linux 5 and 6.\r\n",
  "id": "CVE-2013-0219",
  "lastModified": "2024-11-21T01:47:05.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-24T19:55:01.237",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1319.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51928"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52315"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/57539"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884254"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://fedorahosted.org/sssd/ticket/1782"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1319.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/57539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://fedorahosted.org/sssd/ticket/1782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-05-26 18:55
Modified
2024-11-21 01:26
Severity ?
Summary
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.
References
secalert@redhat.com http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html
secalert@redhat.com http://openwall.com/lists/oss-security/2011/04/29/4 Patch
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=700867 Patch
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=700891
secalert@redhat.com https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html Patch
secalert@redhat.com https://fedorahosted.org/sssd/ticket/856 Patch
secalert@redhat.com https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html
af854a3a-2127-422b-91ae-364da2661108 http://openwall.com/lists/oss-security/2011/04/29/4 Patch
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=700867 Patch
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=700891
af854a3a-2127-422b-91ae-364da2661108 https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html Patch
af854a3a-2127-422b-91ae-364da2661108 https://fedorahosted.org/sssd/ticket/856 Patch
af854a3a-2127-422b-91ae-364da2661108 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38007C8-061C-4D6D-BC6B-83475E165A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F39928-292C-4B1E-849F-4CB7534558B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19ACB702-62F5-4614-9CB9-AC07CCEBB399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0524C067-9992-40F1-BC7A-EE382251151B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "74298682-9BFF-4F81-B387-BA0B036619E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC55E83E-AAA5-4228-8283-57EBFCE1EEE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB0D128-F08B-41C1-B8A1-3FD7845B3F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30FC0A62-9332-46F8-8415-50742BBDFC88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n krb5_save_ccname_done en providers/krb5/krb5_auth.c en el Security Services Daemon (SSSD) v1.5.x anteriores a v1.5.7 1.5.x, cuando la renovaci\u00f3n autom\u00e1tica de tickets la autenticaci\u00f3n fuera de l\u00ednea est\u00e1 configurada, utiliza una cadena de ruta como contrase\u00f1a, lo que permite a usuarios locales  eludir la autenticaci\u00f3n Kerberos listando el directorio /tmp para obtener la ruta de acceso."
    }
  ],
  "id": "CVE-2011-1758",
  "lastModified": "2024-11-21T01:26:58.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-26T18:55:02.237",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/29/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/sssd/ticket/856"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/29/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/sssd/ticket/856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-25 18:29
Modified
2024-11-21 03:53
Summary
A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to too strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access.
Impacted products
Vendor Product Version
fedoraproject sssd -
redhat enterprise_linux 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0ABAA03-C8E0-4281-AF60-D29246CA6B2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un error en la implementaci\u00f3n de sssd Group Policy Objects. Cuando el GPO no puede ser le\u00eddo por SSSD debido a ajustes de permisos demasiado estrictos del lado del servidor, SSSD permitir\u00e1 que todos los usuarios autenticados inicien sesi\u00f3n, en lugar de denegar el acceso."
    }
  ],
  "id": "CVE-2018-16838",
  "lastModified": "2024-11-21T03:53:24.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-25T18:29:00.433",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:2177"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:2437"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:3651"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:2177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:2437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-24 19:55
Modified
2024-11-21 01:47
Severity ?
Summary
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname functions in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.
References
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-0508.html
secalert@redhat.com http://secunia.com/advisories/51928 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/52315 Vendor Advisory
secalert@redhat.com http://www.securityfocus.com/bid/57539
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=884601
secalert@redhat.com https://fedorahosted.org/sssd/ticket/1781
secalert@redhat.com https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0508.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/51928 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/52315 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/57539
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=884601
af854a3a-2127-422b-91ae-364da2661108 https://fedorahosted.org/sssd/ticket/1781
af854a3a-2127-422b-91ae-364da2661108 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4
Impacted products
Vendor Product Version
fedoraproject sssd *
fedoraproject sssd 0.2.1
fedoraproject sssd 0.3.0
fedoraproject sssd 0.3.1
fedoraproject sssd 0.3.2
fedoraproject sssd 0.3.3
fedoraproject sssd 0.4.0
fedoraproject sssd 0.4.1
fedoraproject sssd 0.5.0
fedoraproject sssd 0.6.0
fedoraproject sssd 0.6.1
fedoraproject sssd 0.7.0
fedoraproject sssd 0.7.1
fedoraproject sssd 0.99.0
fedoraproject sssd 0.99.1
fedoraproject sssd 1.0.0
fedoraproject sssd 1.0.1
fedoraproject sssd 1.0.2
fedoraproject sssd 1.0.3
fedoraproject sssd 1.0.4
fedoraproject sssd 1.0.5
fedoraproject sssd 1.0.6
fedoraproject sssd 1.0.99
fedoraproject sssd 1.1.0
fedoraproject sssd 1.1.1
fedoraproject sssd 1.1.2
fedoraproject sssd 1.1.91
fedoraproject sssd 1.1.92
fedoraproject sssd 1.2.0
fedoraproject sssd 1.2.1
fedoraproject sssd 1.2.2
fedoraproject sssd 1.2.3
fedoraproject sssd 1.2.4
fedoraproject sssd 1.2.91
fedoraproject sssd 1.3.0
fedoraproject sssd 1.3.1
fedoraproject sssd 1.4.0
fedoraproject sssd 1.4.1
fedoraproject sssd 1.5.0
fedoraproject sssd 1.5.1
fedoraproject sssd 1.5.2
fedoraproject sssd 1.5.3
fedoraproject sssd 1.5.4
fedoraproject sssd 1.5.5
fedoraproject sssd 1.5.6
fedoraproject sssd 1.5.6.1
fedoraproject sssd 1.5.7
fedoraproject sssd 1.5.8
fedoraproject sssd 1.5.9
fedoraproject sssd 1.5.10
fedoraproject sssd 1.5.11
fedoraproject sssd 1.5.12
fedoraproject sssd 1.5.13
fedoraproject sssd 1.5.14
fedoraproject sssd 1.5.15
fedoraproject sssd 1.5.16
fedoraproject sssd 1.5.17
fedoraproject sssd 1.6.0
fedoraproject sssd 1.6.1
fedoraproject sssd 1.6.2
fedoraproject sssd 1.6.3
fedoraproject sssd 1.6.4
fedoraproject sssd 1.7.0
fedoraproject sssd 1.8.0
fedoraproject sssd 1.8.0 beta1
fedoraproject sssd 1.8.0 beta2
fedoraproject sssd 1.8.0 beta3
fedoraproject sssd 1.8.1
fedoraproject sssd 1.8.2
fedoraproject sssd 1.8.3
fedoraproject sssd 1.8.4
fedoraproject sssd 1.8.5
fedoraproject sssd 1.8.6
fedoraproject sssd 1.9.0
fedoraproject sssd 1.9.1
fedoraproject sssd 1.9.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71D26FCE-B49C-440F-9BDD-545346B34F03",
              "versionEndIncluding": "1.9.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "516466B9-5183-4F5B-A64E-836B365AC015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE12795-5A6C-4EF6-86E1-A04FFEF853B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC55E33-CF2F-4749-8CAE-510A35697B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37B00AF-51D5-4FBC-8335-23FB49A2BE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2D3AAE-5B5B-4737-B24C-873B1B28DDF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55E385B-87E0-4088-878F-0466BF05FC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E85F048-BEB3-4D35-954E-E4FFF2B7A9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E070E-DB2B-4AFB-9E80-1061D51E572D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6B15E7-C558-4B8C-9F25-B6B0F7D4DAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4135B52-D2B0-4B38-AB94-294EDCF65C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA1CC29-EDF9-41F7-9EDC-79B7F7DAF232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E096D40-0543-423E-B3DD-21EEFA1760FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.99.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D519F093-C7E2-4F98-B64E-457B41FC52F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.99.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F978466E-8AEA-4FA8-AD0F-2798CD5EEF03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A301168-1345-4FE9-9E0E-8AADD698C59A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C082CF-28D6-40EE-B7F4-C91B84596731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ECB1E88-66A4-49DD-837D-9B3ACE435E4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "45EE589F-FC9B-4C54-A1DD-2843B24BB3D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD38D75C-996F-4C16-A781-976E26825894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0183AE7C-E9E6-43D4-BBD8-1746C6FF6A94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F27CA10-EDB9-4490-B99F-686D355CDC4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "BADE09B6-1BC9-4332-B7D6-0D50A5A69E59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08A8BE5-381D-4A4F-9D54-6231B17793B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C9BCBA-8A11-49CA-A019-16F78A65F369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18B12A-82C6-4F97-B9B1-AA1390EFB129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "64127A7C-A984-4BD5-B3E6-3976AFAE07B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.1.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A5A326-2387-468B-BDF5-ACD2D104F6D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D347DF6E-C425-444B-A25D-7958D7B4EAC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3DC738E-A68E-4ED9-8A5F-0888A4B6180B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40B3E3B-E803-44B3-99E8-DD6A08F018B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F5EDBE-2D5F-4878-B7D8-4F9A6872DBA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "062BBB63-39E9-41F6-BF9F-141FA8033E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD371750-E79F-432F-81DF-397A0F200E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAEE5B2-54DA-4FB5-AD57-D00CAF17EE35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEABA055-C1EF-4E8D-88DC-FB542D6F91C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "313BCCE7-6B8C-47DD-BB54-7B390D131BB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9507DCBF-45C9-43BF-8E89-9C480EBC4F09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38007C8-061C-4D6D-BC6B-83475E165A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F39928-292C-4B1E-849F-4CB7534558B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19ACB702-62F5-4614-9CB9-AC07CCEBB399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0524C067-9992-40F1-BC7A-EE382251151B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "74298682-9BFF-4F81-B387-BA0B036619E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC55E83E-AAA5-4228-8283-57EBFCE1EEE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB0D128-F08B-41C1-B8A1-3FD7845B3F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30FC0A62-9332-46F8-8415-50742BBDFC88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C0E2D4D-7C14-45E8-9E6D-BE7357AD1FA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFA871AC-FD8D-4F1E-9F84-B35E08568E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1FF7F0-6E19-4FB4-9E90-8188C1841C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7065AF03-99E9-4DE2-B58D-CBB15D5FCCE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F918F06-9860-4959-98C7-9E922A92424E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D2B8A8-9F5C-4970-BD6D-FEB6E4E9D419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3021B870-7141-442E-9ABC-CD0538374CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D2C6D84-CD12-4201-BCCB-2613865734E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903EC2A-630A-4CE0-A4BE-2128A1A449B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE291086-6188-48A2-9A71-317AE4150263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F39C4381-3F9C-4A18-BAA0-6768E2227096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA72408F-B759-4238-ADBE-5896EB8D9359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA8D7C7-BA09-432B-9956-3EAFEB56B039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C841BCE7-ACFA-48FC-9916-6743D53121BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "82059BE6-E075-42B3-A29E-AE88BBE1BE32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCDCCFAB-5293-43F9-AD9F-4FB06E58FC0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B55D998-4648-42C4-BC90-8D2D3DF92805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "082EECD4-0BA0-4467-9EEB-847A34A04906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "97360F6C-BA99-4A58-94E1-FBDAEF4DF040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "35CF5A7B-CB64-41E5-9B14-DE396F321A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "44525CA2-BB2C-41F4-93A0-F0CF336C3011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79971450-4FA4-4A0B-9761-F6C261D98C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6667AA-89D8-4EB2-ACED-9D37882D528D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "348E8F83-EA66-4F90-A340-6925F1A29E50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6FADD7-F0CF-4F78-8126-DDAFB098D943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "602BA6C0-A0B1-4573-92EB-FFB35E40ED2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFCFE36E-24BE-4092-B535-2EB8612E5EFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "288395D1-C084-48F5-B266-24CF02151F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB813D7A-8048-4C24-BAED-D85999710F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF7C04C5-0777-4ED5-A40B-81FCF625ECCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n (1) sss_autofs_cmd_getautomntent y (2) sss_autofs_cmd_getautomntbyname en responder/autofs/autofssrv_cmd.c y la funci\u00f3n  (3) ssh_cmd_parse_request en responder/ssh/sshsrv_cmd.c en System Security Services Daemon (SSSD) anterior a v1.9.4 permite a atacantes remotos generar una denegaci\u00f3n de servicio (lectura fuera de los l\u00edmites, ca\u00edda y reinicio) mediante una paquete SSSD especialmente dise\u00f1ado."
    }
  ],
  "id": "CVE-2013-0220",
  "lastModified": "2024-11-21T01:47:05.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-24T19:55:01.300",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51928"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52315"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/57539"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://fedorahosted.org/sssd/ticket/1781"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/57539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://fedorahosted.org/sssd/ticket/1781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-29 16:59
Modified
2024-11-21 02:32
Severity ?
Summary
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
References
secalert@redhat.com - http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html
secalert@redhat.com - http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html
secalert@redhat.com - http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html
secalert@redhat.com - http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422 - Vendor Advisory
secalert@redhat.com - http://rhn.redhat.com/errata/RHSA-2015-2019.html
secalert@redhat.com - http://rhn.redhat.com/errata/RHSA-2015-2355.html
secalert@redhat.com - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
secalert@redhat.com - http://www.securityfocus.com/bid/77529
secalert@redhat.com - http://www.securitytracker.com/id/1034038
secalert@redhat.com - https://bugzilla.redhat.com/show_bug.cgi?id=1267580
secalert@redhat.com - https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
secalert@redhat.com - https://fedorahosted.org/sssd/ticket/2803
secalert@redhat.com - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
af854a3a-2127-422b-91ae-364da2661108 - http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html
af854a3a-2127-422b-91ae-364da2661108 - http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html
af854a3a-2127-422b-91ae-364da2661108 - http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html
af854a3a-2127-422b-91ae-364da2661108 - http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422 - Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://rhn.redhat.com/errata/RHSA-2015-2019.html
af854a3a-2127-422b-91ae-364da2661108 - http://rhn.redhat.com/errata/RHSA-2015-2355.html
af854a3a-2127-422b-91ae-364da2661108 - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/77529
af854a3a-2127-422b-91ae-364da2661108 - http://www.securitytracker.com/id/1034038
af854a3a-2127-422b-91ae-364da2661108 - https://bugzilla.redhat.com/show_bug.cgi?id=1267580
af854a3a-2127-422b-91ae-364da2661108 - https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
af854a3a-2127-422b-91ae-364da2661108 - https://fedorahosted.org/sssd/ticket/2803
af854a3a-2127-422b-91ae-364da2661108 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AFCDECF-26E1-4B23-A91D-F8DD668DF32A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1590881-C44A-446E-BAF6-5CE59DAF6A66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C32B676B-97B6-48AA-BE8D-743FE52B4438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E963CF03-E0DC-4BEE-AAE3-DF09B2F57767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0968753D-BA33-4D0B-849C-FC9B7EBDC70D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B96047C-CA3E-4708-8EB3-F33CD0BE0FE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFAD8539-1CEC-454E-BA68-8D8B6033751E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "81824ADB-8797-45B0-9B83-953F899A00D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1890E09D-3AD6-4C46-AD2F-C89DCC436C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8041D271-F9DF-452F-BC4E-9F69B4A0F3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2783866D-0DE2-4E92-90CB-53DA9B914A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C7D641D-E018-4EC1-9416-5C788C9F1107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C81F4DF-4190-4D9B-8C1B-CD51B4678B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52B44E7-71AB-4028-B9A3-E80508EF0AE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D7CEC8-8D38-451D-B9C3-A68224125906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EAA45E-0F9E-4E04-BB81-C91E3357B030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E3A3029-5612-47C4-8F32-0209F4733AF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication."
    },
    {
      "lang": "es",
      "value": "Fuga de memoria en el plugin en Privilege Attribute Certificate (PAC) responder (sssd_pac_plugin.so) en System Security Services Daemon (SSSD) 1.10 en versiones anteriores a 1.13.1 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un gran n\u00famero de logins que desencadenan an\u00e1lisis gramaticales de blobs de PAC durante la autenticaci\u00f3n Kerberos."
    }
  ],
  "id": "CVE-2015-5292",
  "lastModified": "2024-11-21T02:32:43.733",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-29T16:59:00.117",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2019.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2355.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/77529"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1034038"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267580"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://fedorahosted.org/sssd/ticket/2803"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2355.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/77529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://fedorahosted.org/sssd/ticket/2803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-14 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB39CC8-3C50-4A5F-B16F-2E4ADE3BAD5F",
              "versionEndIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "516466B9-5183-4F5B-A64E-836B365AC015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE12795-5A6C-4EF6-86E1-A04FFEF853B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC55E33-CF2F-4749-8CAE-510A35697B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37B00AF-51D5-4FBC-8335-23FB49A2BE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2D3AAE-5B5B-4737-B24C-873B1B28DDF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55E385B-87E0-4088-878F-0466BF05FC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E85F048-BEB3-4D35-954E-E4FFF2B7A9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6E070E-DB2B-4AFB-9E80-1061D51E572D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6B15E7-C558-4B8C-9F25-B6B0F7D4DAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4135B52-D2B0-4B38-AB94-294EDCF65C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA1CC29-EDF9-41F7-9EDC-79B7F7DAF232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E096D40-0543-423E-B3DD-21EEFA1760FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.99.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D519F093-C7E2-4F98-B64E-457B41FC52F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:0.99.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F978466E-8AEA-4FA8-AD0F-2798CD5EEF03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user\u0027s Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT."
    },
    {
      "lang": "es",
      "value": "System Security Services Daemon (SSSD) anterior a v1.0.1, cuando st\u00e1 configurado krb5 auth_provider pero el KDC es inalcanzable, permite autenticarse a atacantes pr\u00f3ximos f\u00edsicamente, a trav\u00e9s de una contrase\u00f1a de su elecci\u00f3n sobre el programa de bloqueo de pantalla en una estaci\u00f3n de trabajo que tiene alg\u00fan ticket de usuario del tipo Kerberos ticket-granting (TGT); y podr\u00eda permitir a atacantes remotos evitar las restricciones de acceso establecidas a trav\u00e9s de vectores que involucran una contrase\u00f1a arbitraria en conjunci\u00f3n con un TGT v\u00e1lido."
    }
  ],
  "id": "CVE-2010-0014",
  "lastModified": "2024-11-21T01:11:19.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-14T18:30:00.513",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38160"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/37747"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553233"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-15 15:29
Modified
2024-11-21 04:42
Summary
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
References
secalert@redhat.com - http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html - Mailing List, Third Party Advisory
secalert@redhat.com - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html - Mailing List, Third Party Advisory
secalert@redhat.com - http://www.securityfocus.com/bid/106644 - Broken Link
secalert@redhat.com - https://access.redhat.com/errata/RHSA-2019:2177 - Third Party Advisory
secalert@redhat.com - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811 - Issue Tracking, Patch, Vendor Advisory
secalert@redhat.com - https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html - Mailing List, Third Party Advisory
secalert@redhat.com - https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
af854a3a-2127-422b-91ae-364da2661108 - http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html - Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html - Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/106644 - Broken Link
af854a3a-2127-422b-91ae-364da2661108 - https://access.redhat.com/errata/RHSA-2019:2177 - Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811 - Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html - Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE18BF4D-E68C-44E0-9D3C-1221EF2727D7",
              "versionEndExcluding": "2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return \u0027/\u0027 (the root directory) instead of \u0027\u0027 (the empty string / no home directory). This could impact services that restrict the user\u0027s filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad en sssd. Si se configura un usuario sin un directorio de inicio establecido, sssd devolver\u00eda \"/\" (el directorio root) en lugar de \" \" (cadena vac\u00eda/no directorio de inicio). Esto podr\u00eda impactar sobre los servicios que restringen el acceso al sistema de archivos del usuario a solo su directorio de inicio mediante chroot(), etc. Todas las versiones anteriores a la 2.1 son vulnerables."
    }
  ],
  "id": "CVE-2019-3811",
  "lastModified": "2024-11-21T04:42:35.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-15T15:29:00.360",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/106644"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2177"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/106644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-03-21 16:55
Modified
2024-11-21 01:47
Severity ?
Summary
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
References
secalert@redhat.com http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb Patch
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4 Patch
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef Patch
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b Patch
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5 Patch
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb Patch
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93 Patch
secalert@redhat.com http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1 Patch
secalert@redhat.com http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html
secalert@redhat.com http://rhn.redhat.com/errata/RHSA-2013-0663.html
secalert@redhat.com http://secunia.com/advisories/52704 Vendor Advisory
secalert@redhat.com http://secunia.com/advisories/52722 Vendor Advisory
secalert@redhat.com http://securitytracker.com/id?1028317
secalert@redhat.com http://www.securityfocus.com/bid/58593
secalert@redhat.com https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html
af854a3a-2127-422b-91ae-364da2661108 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb Patch
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4 Patch
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef Patch
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b Patch
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5 Patch
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb Patch
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93 Patch
af854a3a-2127-422b-91ae-364da2661108 http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1 Patch
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-0663.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/52704 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/52722 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1028317
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/58593
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html
Impacted products
Vendor Product Version
fedoraproject sssd 1.9.0
fedoraproject sssd 1.9.1
fedoraproject sssd 1.9.2
fedoraproject sssd 1.9.3
fedoraproject sssd 1.9.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "288395D1-C084-48F5-B266-24CF02151F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB813D7A-8048-4C24-BAED-D85999710F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF7C04C5-0777-4ED5-A40B-81FCF625ECCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "765E1A32-4BAD-48D5-A86A-936FF2DD47CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2277D1F-A744-40B4-BA07-5689441E8FB3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions."
    },
    {
      "lang": "es",
      "value": "El Simple Access Provider en System Security Services Daemon (SSSD) v1.9.0 hasta v1.9.4, cuando usa el proveedor de Active Directory, no se aplica correctamente la opci\u00f3n simple_deny_groups, lo que permite a usuarios remotos autenticados para eludir restricciones de acceso previstos."
    }
  ],
  "id": "CVE-2013-0287",
  "lastModified": "2024-11-21T01:47:13.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-03-21T16:55:02.557",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0663.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52704"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52722"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1028317"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/58593"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0663.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1028317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/58593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-26 14:29
Modified
2024-11-21 03:42
Summary
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CACA6508-9BB0-4703-9F8C-F1DCA63D8DD0",
              "versionEndExcluding": "1.16.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3."
    },
    {
      "lang": "es",
      "value": "El pipe de Unix que utiliza sudo para contactar SSSD y leer las reglas sudo disponibles desde SSSD tiene permisos demasiado laxos, lo que significa que cualquiera que pueda enviar un mensaje utilizando el mismo protocolo raw que utilizan sudo y SSSD puede leer reglas sudo disponibles para cualquier usuario. Esto afecta a las versiones SSSD en versiones anteriores a la 1.16.3."
    }
  ],
  "id": "CVE-2018-10852",
  "lastModified": "2024-11-21T03:42:08.547",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-26T14:29:02.207",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104547"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3158"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-12-19 14:29
Modified
2024-11-21 03:53
Summary
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
Impacted products
Vendor Product Version
fedoraproject sssd *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF81911-E3D4-46F8-8994-0FF9F30E3A07",
              "versionEndExcluding": "2.0.0",
              "versionStartIncluding": "1.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the \"allowed_uids\" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers."
    },
    {
      "lang": "es",
      "value": "sssd, desde la versi\u00f3n 1.13.0 hasta antes de la 2.0.0, no restringi\u00f3 correctamente el acceso a la infopipe seg\u00fan el par\u00e1metro de configuraci\u00f3n \"allowed_uids\". Si se almacena informaci\u00f3n sensible en el directorio de usuario, esto podr\u00eda divulgarse de forma inadvertida a los atacantes locales."
    }
  ],
  "id": "CVE-2018-16883",
  "lastModified": "2024-11-21T03:53:31.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-19T14:29:00.283",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106264"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-06-11 14:55
Modified
2024-11-21 02:01
Severity ?
Summary
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
Impacted products
Vendor Product Version
fedoraproject sssd 1.11.6
redhat enterprise_linux 5
redhat enterprise_linux 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1890E09D-3AD6-4C46-AD2F-C89DCC436C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "System Security Services Daemon (SSSD) 1.11.6 no identifica debidamente la pertenencia a un grupo cuando un grupo no POSIX est\u00e9 en una cadena de pertenencia a grupo, lo que permite a usuarios locales evadir restricciones de acceso a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-0249",
  "lastModified": "2024-11-21T02:01:45.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-11T14:55:07.190",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-01 17:15
Modified
2024-11-21 07:34
Summary
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "690E7363-ED75-400D-9F2F-5E87BEF9C238",
              "versionEndExcluding": "2.3.1",
              "versionStartIncluding": "1.15.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C2E003-A71C-4D06-B8B3-F93160568182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters"
    }
  ],
  "id": "CVE-2022-4254",
  "lastModified": "2024-11-21T07:34:52.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-01T17:15:09.680",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2022-4254"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149894"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/SSSD/sssd/issues/5135"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2022-4254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/SSSD/sssd/issues/5135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-90"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

cve-2021-3621
Vulnerability from cvelistv5
Published
2021-12-23 00:00
Modified
2024-08-03 17:01
Summary
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sssd.io/release-notes/sssd-2.6.0.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975142"
          },
          {
            "name": "[debian-lts-announce] 20230529 [SECURITY] [DLA 3436-1] sssd security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sssd",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "sssd 2.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-29T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://sssd.io/release-notes/sssd-2.6.0.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975142"
        },
        {
          "name": "[debian-lts-announce] 20230529 [SECURITY] [DLA 3436-1] sssd security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3621",
    "datePublished": "2021-12-23T00:00:00",
    "dateReserved": "2021-06-24T00:00:00",
    "dateUpdated": "2024-08-03T17:01:07.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16838
Vulnerability from cvelistv5
Published
2019-03-25 17:41
Modified
2024-08-05 10:32
Summary
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838"
          },
          {
            "name": "openSUSE-SU-2019:1576",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html"
          },
          {
            "name": "openSUSE-SU-2019:1589",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html"
          },
          {
            "name": "RHSA-2019:2177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2177"
          },
          {
            "name": "RHSA-2019:2437",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2437"
          },
          {
            "name": "RHSA-2019:3651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3651"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sssd",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-06T00:08:13",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838"
        },
        {
          "name": "openSUSE-SU-2019:1576",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html"
        },
        {
          "name": "openSUSE-SU-2019:1589",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html"
        },
        {
          "name": "RHSA-2019:2177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2177"
        },
        {
          "name": "RHSA-2019:2437",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2437"
        },
        {
          "name": "RHSA-2019:3651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3651"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16838",
    "datePublished": "2019-03-25T17:41:18",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:32:54.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-10852
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 07:46
Summary
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:47.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180716 [SECURITY] [DLA 1429-1] sssd security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
          },
          {
            "name": "RHSA-2018:3158",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3158"
          },
          {
            "name": "104547",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104547"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sssd",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "SSSD 1.16.3"
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180716 [SECURITY] [DLA 1429-1] sssd security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
        },
        {
          "name": "RHSA-2018:3158",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3158"
        },
        {
          "name": "104547",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104547"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-10852",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "sssd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SSSD 1.16.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180716 [SECURITY] [DLA 1429-1] sssd security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
            },
            {
              "name": "RHSA-2018:3158",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3158"
            },
            {
              "name": "104547",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104547"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10852",
    "datePublished": "2018-06-26T14:00:00",
    "dateReserved": "2018-05-09T00:00:00",
    "dateUpdated": "2024-08-05T07:46:47.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16883
Vulnerability from cvelistv5
Published
2018-12-19 14:00
Modified
2024-08-05 10:32
Summary
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106264"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sssd",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0"
            }
          ]
        }
      ],
      "datePublic": "2018-12-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the \"allowed_uids\" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-21T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "106264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106264"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-16883",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "sssd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the \"allowed_uids\" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "2.5/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106264",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106264"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16883",
    "datePublished": "2018-12-19T14:00:00",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:32:54.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0219
Vulnerability from cvelistv5
Published
2013-02-24 19:00
Modified
2024-08-06 14:18
Severity ?
Summary
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
          },
          {
            "name": "51928",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51928"
          },
          {
            "name": "FEDORA-2013-1795",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
          },
          {
            "name": "RHSA-2013:0508",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a"
          },
          {
            "name": "RHSA-2013:1319",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1319.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047"
          },
          {
            "name": "52315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/ticket/1782"
          },
          {
            "name": "57539",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884254"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37"
          },
          {
            "name": "FEDORA-2013-1826",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user\u0027s files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-11T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
        },
        {
          "name": "51928",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51928"
        },
        {
          "name": "FEDORA-2013-1795",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
        },
        {
          "name": "RHSA-2013:0508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=94cbf1cfb0f88c967f1fb0a4cf23723148868e4a"
        },
        {
          "name": "RHSA-2013:1319",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1319.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=020bf88fd1c5bdac8fc671b37c7118f5378c7047"
        },
        {
          "name": "52315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/ticket/1782"
        },
        {
          "name": "57539",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=3843b284cd3e8f88327772ebebc7249990fd87b9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884254"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=e864d914a44a37016736554e9257c06b18c57d37"
        },
        {
          "name": "FEDORA-2013-1826",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0219",
    "datePublished": "2013-02-24T19:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-3811
Vulnerability from cvelistv5
Published
2019-01-15 15:00
Modified
2024-08-04 19:19
Summary
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190117 [SECURITY] [DLA 1635-1] sssd security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html"
          },
          {
            "name": "106644",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106644"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811"
          },
          {
            "name": "openSUSE-SU-2019:0344",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html"
          },
          {
            "name": "openSUSE-SU-2019:1174",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html"
          },
          {
            "name": "RHSA-2019:2177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2177"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sssd",
          "vendor": "The sssd Project",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            }
          ]
        }
      ],
      "datePublic": "2018-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return \u0027/\u0027 (the root directory) instead of \u0027\u0027 (the empty string / no home directory). This could impact services that restrict the user\u0027s filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T16:06:29",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190117 [SECURITY] [DLA 1635-1] sssd security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html"
        },
        {
          "name": "106644",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106644"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811"
        },
        {
          "name": "openSUSE-SU-2019:0344",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html"
        },
        {
          "name": "openSUSE-SU-2019:1174",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html"
        },
        {
          "name": "RHSA-2019:2177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2177"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-3811",
    "datePublished": "2019-01-15T15:00:00",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-08-04T19:19:18.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0220
Vulnerability from cvelistv5
Published
2013-02-24 19:00
Modified
2024-08-06 14:18
Severity ?
Summary
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/ticket/1781"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
          },
          {
            "name": "51928",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51928"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"
          },
          {
            "name": "FEDORA-2013-1795",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
          },
          {
            "name": "RHSA-2013:0508",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"
          },
          {
            "name": "52315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52315"
          },
          {
            "name": "57539",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57539"
          },
          {
            "name": "FEDORA-2013-1826",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-24T19:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/ticket/1781"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.4"
        },
        {
          "name": "51928",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51928"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=30e2585dd46b62aa3a4abdf6de3f40a20e1743ab"
        },
        {
          "name": "FEDORA-2013-1795",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html"
        },
        {
          "name": "RHSA-2013:0508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0508.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884601"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/commit/?id=2bd514cfde1938b1e245af11c9b548d58d49b325"
        },
        {
          "name": "52315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52315"
        },
        {
          "name": "57539",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57539"
        },
        {
          "name": "FEDORA-2013-1826",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098613.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0220",
    "datePublished": "2013-02-24T19:00:00Z",
    "dateReserved": "2012-12-06T00:00:00Z",
    "dateUpdated": "2024-08-06T14:18:09.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-4254
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2024-08-03 01:34
Severity ?
Summary
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:34:49.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149894"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SSSD/sssd/issues/5135"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-4254"
          },
          {
            "name": "[debian-lts-announce] 20230529 [SECURITY] [DLA 3436-1] sssd security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SSSD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects SSSD 1.15.3, Fixed in SSSD 2.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-90",
              "description": "CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-29T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149894"
        },
        {
          "url": "https://github.com/SSSD/sssd/issues/5135"
        },
        {
          "url": "https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-4254"
        },
        {
          "name": "[debian-lts-announce] 20230529 [SECURITY] [DLA 3436-1] sssd security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-4254",
    "datePublished": "2023-02-01T00:00:00",
    "dateReserved": "2022-12-01T00:00:00",
    "dateUpdated": "2024-08-03T01:34:49.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-12173
Vulnerability from cvelistv5
Published
2018-07-27 16:00
Modified
2024-08-05 18:28
Summary
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
References
https://access.redhat.com/errata/RHSA-2017:3379 vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1877 vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:3379",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3379"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173"
          },
          {
            "name": "RHSA-2018:1877",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1877"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sssd",
          "vendor": "SSSD",
          "versions": [
            {
              "status": "affected",
              "version": "1.16.0"
            }
          ]
        }
      ],
      "datePublic": "2017-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that sssd\u0027s sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-28T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:3379",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3379"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173"
        },
        {
          "name": "RHSA-2018:1877",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1877"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-12173",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "sssd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.16.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SSSD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that sssd\u0027s sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:3379",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3379"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173"
            },
            {
              "name": "RHSA-2018:1877",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1877"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-12173",
    "datePublished": "2018-07-27T16:00:00",
    "dateReserved": "2017-08-01T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5292
Vulnerability from cvelistv5
Published
2015-10-29 16:00
Modified
2024-08-06 06:41
Severity ?
Summary
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:2355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2355.html"
          },
          {
            "name": "RHSA-2015:2019",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-2019.html"
          },
          {
            "name": "[sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422"
          },
          {
            "name": "1034038",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034038"
          },
          {
            "name": "77529",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77529"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch"
          },
          {
            "name": "FEDORA-2015-cdea5324a8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html"
          },
          {
            "name": "FEDORA-2015-202c127199",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267580"
          },
          {
            "name": "FEDORA-2015-7b47df69d3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/ticket/2803"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2015:2355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2355.html"
        },
        {
          "name": "RHSA-2015:2019",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-2019.html"
        },
        {
          "name": "[sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://permalink.gmane.org/gmane.linux.redhat.sssd.user/3422"
        },
        {
          "name": "1034038",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034038"
        },
        {
          "name": "77529",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77529"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch"
        },
        {
          "name": "FEDORA-2015-cdea5324a8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169613.html"
        },
        {
          "name": "FEDORA-2015-202c127199",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169110.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1267580"
        },
        {
          "name": "FEDORA-2015-7b47df69d3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169597.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/ticket/2803"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5292",
    "datePublished": "2015-10-29T16:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4341
Vulnerability from cvelistv5
Published
2011-01-25 00:00
Modified
2024-08-07 03:43
Severity ?
Summary
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "45961",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45961"
          },
          {
            "name": "43055",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43055"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661163"
          },
          {
            "name": "FEDORA-2011-0364",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html"
          },
          {
            "name": "sssd-pamparseindatav2-dos(64881)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64881"
          },
          {
            "name": "RHSA-2011:0560",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0560.html"
          },
          {
            "name": "FEDORA-2011-0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html"
          },
          {
            "name": "ADV-2011-0197",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0197"
          },
          {
            "name": "RHSA-2011:0975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0975.html"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "43053",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "name": "45961",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45961"
        },
        {
          "name": "43055",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43055"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661163"
        },
        {
          "name": "FEDORA-2011-0364",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html"
        },
        {
          "name": "sssd-pamparseindatav2-dos(64881)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64881"
        },
        {
          "name": "RHSA-2011:0560",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0560.html"
        },
        {
          "name": "FEDORA-2011-0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html"
        },
        {
          "name": "ADV-2011-0197",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0197"
        },
        {
          "name": "RHSA-2011:0975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0975.html"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "name": "43053",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-4341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "45961",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45961"
            },
            {
              "name": "43055",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43055"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=661163",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661163"
            },
            {
              "name": "FEDORA-2011-0364",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053337.html"
            },
            {
              "name": "sssd-pamparseindatav2-dos(64881)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64881"
            },
            {
              "name": "RHSA-2011:0560",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0560.html"
            },
            {
              "name": "FEDORA-2011-0337",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053319.html"
            },
            {
              "name": "ADV-2011-0197",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0197"
            },
            {
              "name": "RHSA-2011:0975",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0975.html"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "43053",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4341",
    "datePublished": "2011-01-25T00:00:00",
    "dateReserved": "2010-11-30T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2940
Vulnerability from cvelistv5
Published
2010-08-30 19:00
Modified
2024-08-07 02:55
Severity ?
Summary
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/61399 | vdb-entry, x_refsource_XF
http://secunia.com/advisories/41159 | third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=625189 | x_refsource_CONFIRM
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:45.482Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sssd-ldap-security-bypass(61399)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61399"
          },
          {
            "name": "41159",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41159"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625189"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "sssd-ldap-security-bypass(61399)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61399"
        },
        {
          "name": "41159",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41159"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625189"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2940",
    "datePublished": "2010-08-30T19:00:00",
    "dateReserved": "2010-08-04T00:00:00",
    "dateUpdated": "2024-08-07T02:55:45.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0249
Vulnerability from cvelistv5
Published
2014-06-11 14:00
Modified
2024-08-06 09:05
Severity ?
Summary
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[SSSD] 20140513 On POSIX and non-POSIX groups",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-12T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[SSSD] 20140513 On POSIX and non-POSIX groups",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[SSSD] 20140513 On POSIX and non-POSIX groups",
              "refsource": "MLIST",
              "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2014-May/019495.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101751"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0249",
    "datePublished": "2014-06-11T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0014
Vulnerability from cvelistv5
Published
2010-01-14 18:00
Modified
2024-09-16 20:47
Severity ?
Summary
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.
References
http://secunia.com/advisories/38160 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/37747 (vdb-entry, x_refsource_BID)
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1 (x_refsource_CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=553233 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:37:52.983Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38160",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38160"
          },
          {
            "name": "37747",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37747"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553233"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user\u0027s Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-01-14T18:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "38160",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38160"
        },
        {
          "name": "37747",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37747"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553233"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-0014",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user\u0027s Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38160",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38160"
            },
            {
              "name": "37747",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37747"
            },
            {
              "name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1",
              "refsource": "CONFIRM",
              "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=553233",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553233"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0014",
    "datePublished": "2010-01-14T18:00:00Z",
    "dateReserved": "2009-12-14T00:00:00Z",
    "dateUpdated": "2024-09-16T20:47:31.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3462
Vulnerability from cvelistv5
Published
2019-12-26 20:14
Modified
2024-08-06 20:05
Severity ?
Summary
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.697Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2012-3462"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pagure.io/SSSD/sssd/issue/1470"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sssd",
          "vendor": "sssd",
          "versions": [
            {
              "status": "affected",
              "version": "1.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in SSSD version 1.9.0. The SSSD\u0027s access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user\u0027s SELinux user context."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-26T20:14:37",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2012-3462"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pagure.io/SSSD/sssd/issue/1470"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-3462",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "sssd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "sssd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in SSSD version 1.9.0. The SSSD\u0027s access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user\u0027s SELinux user context."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462"
            },
            {
              "name": "https://access.redhat.com/security/cve/cve-2012-3462",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/cve-2012-3462"
            },
            {
              "name": "https://pagure.io/SSSD/sssd/issue/1470",
              "refsource": "MISC",
              "url": "https://pagure.io/SSSD/sssd/issue/1470"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3462",
    "datePublished": "2019-12-26T20:14:37",
    "dateReserved": "2012-06-14T00:00:00",
    "dateUpdated": "2024-08-06T20:05:12.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1758
Vulnerability from cvelistv5
Published
2011-05-26 18:00
Modified
2024-08-06 22:37
Severity ?
Summary
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:37:25.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/ticket/856"
          },
          {
            "name": "[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/29/4"
          },
          {
            "name": "FEDORA-2011-5815",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"
          },
          {
            "name": "FEDORA-2011-6279",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"
          },
          {
            "name": "[sssd-devel] 20110429 SSSD Security Release 1.5.7",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-05-26T18:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/ticket/856"
        },
        {
          "name": "[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/29/4"
        },
        {
          "name": "FEDORA-2011-5815",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"
        },
        {
          "name": "FEDORA-2011-6279",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"
        },
        {
          "name": "[sssd-devel] 20110429 SSSD Security Release 1.5.7",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1758",
    "datePublished": "2011-05-26T18:00:00Z",
    "dateReserved": "2011-04-19T00:00:00Z",
    "dateUpdated": "2024-08-06T22:37:25.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0287
Vulnerability from cvelistv5
Published
2013-03-21 16:00
Modified
2024-08-06 14:18
Severity ?
Summary
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
References
http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html (vendor-advisory, x_refsource_SUSE)
http://secunia.com/advisories/52704 (third-party-advisory, x_refsource_SECUNIA)
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5 (x_refsource_CONFIRM)
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4 (x_refsource_CONFIRM)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938 (x_refsource_MISC)
https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html (mailing-list, x_refsource_MLIST)
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/58593 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/52722 (third-party-advisory, x_refsource_SECUNIA)
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef (x_refsource_CONFIRM)
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1 (x_refsource_CONFIRM)
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93 (x_refsource_CONFIRM)
http://securitytracker.com/id?1028317 (vdb-entry, x_refsource_SECTRACK)
http://rhn.redhat.com/errata/RHSA-2013-0663.html (vendor-advisory, x_refsource_REDHAT)
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b (x_refsource_CONFIRM)
http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb (x_refsource_CONFIRM)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2013:0559",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html"
          },
          {
            "name": "52704",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52704"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938"
          },
          {
            "name": "[sssd-devel] 20130319 [SSSD] A security bug in SSSD 1.9 (CVE-2013-0287)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb"
          },
          {
            "name": "58593",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58593"
          },
          {
            "name": "52722",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93"
          },
          {
            "name": "1028317",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1028317"
          },
          {
            "name": "RHSA-2013:0663",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0663.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-05-15T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2013:0559",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00115.html"
        },
        {
          "name": "52704",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52704"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938"
        },
        {
          "name": "[sssd-devel] 20130319 [SSSD] A security bug in SSSD 1.9 (CVE-2013-0287)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.fedorahosted.org/pipermail/sssd-devel/2013-March/014066.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb"
        },
        {
          "name": "58593",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58593"
        },
        {
          "name": "52722",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93"
        },
        {
          "name": "1028317",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1028317"
        },
        {
          "name": "RHSA-2013:0663",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0663.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0287",
    "datePublished": "2013-03-21T16:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}