| ID |
CVE-2010-4341
|
| Summary |
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:fedorahosted:sssd:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fedorahosted:sssd:1.4.0:*:*:*:*:*:*:*
-
cpe:2.3:a:fedorahosted:sssd:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fedorahosted:sssd:1.4.1:*:*:*:*:*:*:*
-
cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 2.1 (as of 17-08-2017 - 01:33) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
| redhat
via4
|
| advisories | | bugzilla | | id | 701700 | | title | sssd client libraries use select() but should use poll() instead |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 6 is installed | | oval | oval:com.redhat.rhba:tst:20111656003 |
| OR | | AND | | comment | sssd is earlier than 0:1.5.1-34.el6 | | oval | oval:com.redhat.rhsa:tst:20110560001 |
| comment | sssd is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhba:tst:20141375020 |
|
| AND | | comment | sssd-client is earlier than 0:1.5.1-34.el6 | | oval | oval:com.redhat.rhsa:tst:20110560003 |
| comment | sssd-client is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhba:tst:20141375024 |
|
| AND | | comment | sssd-tools is earlier than 0:1.5.1-34.el6 | | oval | oval:com.redhat.rhsa:tst:20110560005 |
| comment | sssd-tools is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhba:tst:20141375042 |
|
|
|
|
| | rhsa | | id | RHSA-2011:0560 | | released | 2011-05-19 | | severity | Low | | title | RHSA-2011:0560: sssd security, bug fix, and enhancement update (Low) |
|
| bugzilla | | id | 707574 | | title | SSSD's async resolver only tries the first nameserver in /etc/resolv.conf |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 5 is installed | | oval | oval:com.redhat.rhba:tst:20070331005 |
| OR | | AND | | comment | sssd is earlier than 0:1.5.1-37.el5 | | oval | oval:com.redhat.rhsa:tst:20110975001 |
| comment | sssd is signed with Red Hat redhatrelease key | | oval | oval:com.redhat.rhsa:tst:20110975002 |
|
| AND | | comment | sssd-client is earlier than 0:1.5.1-37.el5 | | oval | oval:com.redhat.rhsa:tst:20110975003 |
| comment | sssd-client is signed with Red Hat redhatrelease key | | oval | oval:com.redhat.rhsa:tst:20110975004 |
|
| AND | | comment | sssd-tools is earlier than 0:1.5.1-37.el5 | | oval | oval:com.redhat.rhsa:tst:20110975005 |
| comment | sssd-tools is signed with Red Hat redhatrelease key | | oval | oval:com.redhat.rhsa:tst:20110975006 |
|
|
|
|
| | rhsa | | id | RHSA-2011:0975 | | released | 2011-07-21 | | severity | Low | | title | RHSA-2011:0975: sssd security, bug fix, and enhancement update (Low) |
|
| | rpms | - sssd-0:1.5.1-34.el6
- sssd-client-0:1.5.1-34.el6
- sssd-debuginfo-0:1.5.1-34.el6
- sssd-tools-0:1.5.1-34.el6
- sssd-0:1.5.1-37.el5
- sssd-client-0:1.5.1-37.el5
- sssd-debuginfo-0:1.5.1-37.el5
- sssd-tools-0:1.5.1-37.el5
|
|
| refmap
via4
|
|
| Last major update |
17-08-2017 - 01:33 |
| Published |
25-01-2011 - 01:00 |
| Last modified |
17-08-2017 - 01:33 |
