ID CVE-2010-4341
Summary The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
References
Vulnerable Configurations
  • cpe:2.3:a:fedorahosted:sssd:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fedorahosted:sssd:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fedorahosted:sssd:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fedorahosted:sssd:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fedoraproject:sssd:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 701700
    title sssd client libraries use select() but should use poll() instead
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment sssd is earlier than 0:1.5.1-34.el6
          oval oval:com.redhat.rhsa:tst:20110560005
        • comment sssd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141375006
      • AND
        • comment sssd-client is earlier than 0:1.5.1-34.el6
          oval oval:com.redhat.rhsa:tst:20110560007
        • comment sssd-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141375036
      • AND
        • comment sssd-tools is earlier than 0:1.5.1-34.el6
          oval oval:com.redhat.rhsa:tst:20110560009
        • comment sssd-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141375040
    rhsa
    id RHSA-2011:0560
    released 2011-05-19
    severity Low
    title RHSA-2011:0560: sssd security, bug fix, and enhancement update (Low)
  • bugzilla
    id 707574
    title SSSD's async resolver only tries the first nameserver in /etc/resolv.conf
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment sssd is earlier than 0:1.5.1-37.el5
          oval oval:com.redhat.rhsa:tst:20110975002
        • comment sssd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110975003
      • AND
        • comment sssd-client is earlier than 0:1.5.1-37.el5
          oval oval:com.redhat.rhsa:tst:20110975006
        • comment sssd-client is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110975007
      • AND
        • comment sssd-tools is earlier than 0:1.5.1-37.el5
          oval oval:com.redhat.rhsa:tst:20110975004
        • comment sssd-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110975005
    rhsa
    id RHSA-2011:0975
    released 2011-07-21
    severity Low
    title RHSA-2011:0975: sssd security, bug fix, and enhancement update (Low)
rpms
  • sssd-0:1.5.1-34.el6
  • sssd-client-0:1.5.1-34.el6
  • sssd-tools-0:1.5.1-34.el6
  • sssd-0:1.5.1-37.el5
  • sssd-client-0:1.5.1-37.el5
  • sssd-tools-0:1.5.1-37.el5
refmap via4
bid 45961
confirm https://bugzilla.redhat.com/show_bug.cgi?id=661163
fedora
  • FEDORA-2011-0337
  • FEDORA-2011-0364
secunia
  • 43053
  • 43055
  • 43068
suse SUSE-SR:2011:002
vupen
  • ADV-2011-0197
  • ADV-2011-0212
xf sssd-pamparseindatav2-dos(64881)
Last major update 17-08-2017 - 01:33
Published 25-01-2011 - 01:00
Back to Top