ID CVE-2015-5292
Summary Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
References
Vulnerable Configurations
  • Fedora SSSD - System Security Services Daemon 1.10.0
    cpe:2.3:a:fedoraproject:sssd:1.10.0
  • Fedora SSSD - System Security Services Daemon 1.10.1
    cpe:2.3:a:fedoraproject:sssd:1.10.1
  • Fedora SSSD - System Security Services Daemon 1.11.0
    cpe:2.3:a:fedoraproject:sssd:1.11.0
  • Fedora SSSD - System Security Services Daemon 1.11.1
    cpe:2.3:a:fedoraproject:sssd:1.11.1
  • Fedora SSSD - System Security Services Daemon 1.11.2
    cpe:2.3:a:fedoraproject:sssd:1.11.2
  • Fedora SSSD - System Security Services Daemon 1.11.3
    cpe:2.3:a:fedoraproject:sssd:1.11.3
  • Fedora SSSD - System Security Services Daemon 1.11.4
    cpe:2.3:a:fedoraproject:sssd:1.11.4
  • Fedora SSSD - System Security Services Daemon 1.11.5
    cpe:2.3:a:fedoraproject:sssd:1.11.5
  • Fedora SSSD - System Security Services Daemon 1.11.6
    cpe:2.3:a:fedoraproject:sssd:1.11.6
  • Fedora SSSD - System Security Services Daemon 1.11.7
    cpe:2.3:a:fedoraproject:sssd:1.11.7
  • Fedora SSSD - System Security Services Daemon 1.12.0
    cpe:2.3:a:fedoraproject:sssd:1.12.0
  • Fedora SSSD - System Security Services Daemon 1.12.1
    cpe:2.3:a:fedoraproject:sssd:1.12.1
  • Fedora SSSD - System Security Services Daemon 1.12.2
    cpe:2.3:a:fedoraproject:sssd:1.12.2
  • Fedora SSSD - System Security Services Daemon 1.12.3
    cpe:2.3:a:fedoraproject:sssd:1.12.3
  • Fedora SSSD - System Security Services Daemon 1.12.4
    cpe:2.3:a:fedoraproject:sssd:1.12.4
  • Fedora SSSD - System Security Services Daemon 1.12.5
    cpe:2.3:a:fedoraproject:sssd:1.12.5
  • Fedora SSSD - System Security Services Daemon 1.13.0
    cpe:2.3:a:fedoraproject:sssd:1.13.0
CVSS
Base: 6.8 (as of 30-10-2015 - 13:16)
Impact: 6.9
Exploitability: 8.0
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE_INSTANCE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: COMPLETE
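The Access and Impact fields above are the six CVSS v2 base metrics, i.e. the vector AV:N/AC:L/Au:S/C:N/I:N/A:C. As an added worked example (not part of the CVE record, NVD or SSSD), the Python below recomputes the 6.8 base score and the impact/exploitability subscores from that vector using the published CVSS v2.0 weights, so the numbers on this page can be checked rather than trusted. The parser rejects unknown metrics; the vector string is the only input.

```python
"""Recompute the CVSS v2 base score for a vector such as AV:N/AC:L/Au:S/C:N/I:N/A:C.

Added example; the weights are the CVSS v2.0 specification constants.
"""

# CVSS v2.0 metric weights.
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA_IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}

_ALLOWED = {
    "AV": ACCESS_VECTOR, "AC": ACCESS_COMPLEXITY, "Au": AUTHENTICATION,
    "C": CIA_IMPACT, "I": CIA_IMPACT, "A": CIA_IMPACT,
}


def parse_vector(vector: str) -> dict:
    """Parse 'AV:N/AC:L/Au:S/C:N/I:N/A:C' into {metric: letter}.

    Unknown metric names or values raise ValueError, as does a vector
    that omits one of the six base metrics.
    """
    metrics = {}
    for part in vector.split("/"):
        name, _, value = part.partition(":")
        if name not in _ALLOWED or value not in _ALLOWED[name]:
            raise ValueError(f"bad CVSS v2 metric: {part!r}")
        metrics[name] = value
    missing = set(_ALLOWED) - set(metrics)
    if missing:
        raise ValueError(f"vector missing metrics: {sorted(missing)}")
    return metrics


def impact_subscore(m: dict) -> float:
    # 10.41 * (1 - (1-C)(1-I)(1-A)); only Availability is non-zero here.
    c, i, a = (CIA_IMPACT[m[k]] for k in ("C", "I", "A"))
    return 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))


def exploitability_subscore(m: dict) -> float:
    # 20 * AV * AC * Au
    return 20 * ACCESS_VECTOR[m["AV"]] * ACCESS_COMPLEXITY[m["AC"]] * AUTHENTICATION[m["Au"]]


def base_score(vector: str) -> float:
    """Rounded CVSS v2 base score; f(Impact) is 0 when Impact is 0, else 1.176."""
    m = parse_vector(vector)
    impact = impact_subscore(m)
    exploit = exploitability_subscore(m)
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploit - 1.5) * f_impact, 1)


def subscores(vector: str) -> tuple:
    """(impact, exploitability) rounded to one decimal, as NVD displays them."""
    m = parse_vector(vector)
    return round(impact_subscore(m), 1), round(exploitability_subscore(m), 1)


if __name__ == "__main__":
    vector = "AV:N/AC:L/Au:S/C:N/I:N/A:C"  # the vector for this record
    print(vector, "base", base_score(vector), "subscores", subscores(vector))
```

Single authentication (Au:S) is what keeps this at 6.8 rather than 7.8: the attacker needs a valid Kerberos principal to get a PAC issued and parsed, which is why the summary says "remote authenticated users".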
redhat via4
advisories
  • bugzilla
    id 1268783
    title Memory leak / possible DoS with krb auth. [rhel 6.7.z]
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libipa_hbac is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019035
        • comment libipa_hbac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508020
      • AND
        • comment libipa_hbac-devel is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019033
        • comment libipa_hbac-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508026
      • AND
        • comment libipa_hbac-python is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019045
        • comment libipa_hbac-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508012
      • AND
        • comment libsss_idmap is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019005
        • comment libsss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508018
      • AND
        • comment libsss_idmap-devel is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019013
        • comment libsss_idmap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508010
      • AND
        • comment libsss_nss_idmap is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019037
        • comment libsss_nss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019038
      • AND
        • comment libsss_nss_idmap-devel is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019041
        • comment libsss_nss_idmap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019042
      • AND
        • comment libsss_nss_idmap-python is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019009
        • comment libsss_nss_idmap-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019010
      • AND
        • comment libsss_simpleifp is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019043
        • comment libsss_simpleifp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019044
      • AND
        • comment libsss_simpleifp-devel is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019007
        • comment libsss_simpleifp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019008
      • AND
        • comment python-sssdconfig is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019049
        • comment python-sssdconfig is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019050
      • AND
        • comment sssd is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019023
        • comment sssd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560006
      • AND
        • comment sssd-ad is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019027
        • comment sssd-ad is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019028
      • AND
        • comment sssd-client is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019019
        • comment sssd-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560008
      • AND
        • comment sssd-common is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019025
        • comment sssd-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019026
      • AND
        • comment sssd-common-pac is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019047
        • comment sssd-common-pac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019048
      • AND
        • comment sssd-dbus is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019021
        • comment sssd-dbus is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019022
      • AND
        • comment sssd-ipa is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019015
        • comment sssd-ipa is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019016
      • AND
        • comment sssd-krb5 is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019031
        • comment sssd-krb5 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019032
      • AND
        • comment sssd-krb5-common is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019011
        • comment sssd-krb5-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019012
      • AND
        • comment sssd-ldap is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019039
        • comment sssd-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019040
      • AND
        • comment sssd-proxy is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019017
        • comment sssd-proxy is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019018
      • AND
        • comment sssd-tools is earlier than 0:1.12.4-47.el6_7.4
          oval oval:com.redhat.rhsa:tst:20152019029
        • comment sssd-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560010
    rhsa
    id RHSA-2015:2019
    released 2015-11-10
    severity Low
    title RHSA-2015:2019: sssd security and bug fix update (Low)
  • bugzilla
    id 1270827
    title local overrides: don't contact server with overridden name/id
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libipa_hbac is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355005
        • comment libipa_hbac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508020
      • AND
        • comment libipa_hbac-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355047
        • comment libipa_hbac-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508026
      • AND
        • comment libsss_idmap is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355049
        • comment libsss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508018
      • AND
        • comment libsss_idmap-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355045
        • comment libsss_idmap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130508010
      • AND
        • comment libsss_nss_idmap is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355017
        • comment libsss_nss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019038
      • AND
        • comment libsss_nss_idmap-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355039
        • comment libsss_nss_idmap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019042
      • AND
        • comment libsss_simpleifp is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355021
        • comment libsss_simpleifp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019044
      • AND
        • comment libsss_simpleifp-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355011
        • comment libsss_simpleifp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019008
      • AND
        • comment python-libipa_hbac is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355043
        • comment python-libipa_hbac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355044
      • AND
        • comment python-libsss_nss_idmap is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355029
        • comment python-libsss_nss_idmap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355030
      • AND
        • comment python-sss is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355033
        • comment python-sss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355034
      • AND
        • comment python-sss-murmur is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355053
        • comment python-sss-murmur is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355054
      • AND
        • comment python-sssdconfig is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355057
        • comment python-sssdconfig is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019050
      • AND
        • comment sssd is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355051
        • comment sssd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560006
      • AND
        • comment sssd-ad is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355007
        • comment sssd-ad is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019028
      • AND
        • comment sssd-client is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355055
        • comment sssd-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560008
      • AND
        • comment sssd-common is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355041
        • comment sssd-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019026
      • AND
        • comment sssd-common-pac is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355037
        • comment sssd-common-pac is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019048
      • AND
        • comment sssd-dbus is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355027
        • comment sssd-dbus is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019022
      • AND
        • comment sssd-ipa is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355025
        • comment sssd-ipa is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019016
      • AND
        • comment sssd-krb5 is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355009
        • comment sssd-krb5 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019032
      • AND
        • comment sssd-krb5-common is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355013
        • comment sssd-krb5-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019012
      • AND
        • comment sssd-ldap is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355019
        • comment sssd-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019040
      • AND
        • comment sssd-libwbclient is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355023
        • comment sssd-libwbclient is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355024
      • AND
        • comment sssd-libwbclient-devel is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355031
        • comment sssd-libwbclient-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152355032
      • AND
        • comment sssd-proxy is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355035
        • comment sssd-proxy is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152019018
      • AND
        • comment sssd-tools is earlier than 0:1.13.0-40.el7
          oval oval:com.redhat.rhsa:tst:20152355015
        • comment sssd-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110560010
    rhsa
    id RHSA-2015:2355
    released 2015-11-19
    severity Low
    title RHSA-2015:2355: sssd security, bug fix, and enhancement update (Low)
rpms
  • libipa_hbac-0:1.12.4-47.el6_7.4
  • libipa_hbac-devel-0:1.12.4-47.el6_7.4
  • libipa_hbac-python-0:1.12.4-47.el6_7.4
  • libsss_idmap-0:1.12.4-47.el6_7.4
  • libsss_idmap-devel-0:1.12.4-47.el6_7.4
  • libsss_nss_idmap-0:1.12.4-47.el6_7.4
  • libsss_nss_idmap-devel-0:1.12.4-47.el6_7.4
  • libsss_nss_idmap-python-0:1.12.4-47.el6_7.4
  • libsss_simpleifp-0:1.12.4-47.el6_7.4
  • libsss_simpleifp-devel-0:1.12.4-47.el6_7.4
  • python-sssdconfig-0:1.12.4-47.el6_7.4
  • sssd-0:1.12.4-47.el6_7.4
  • sssd-ad-0:1.12.4-47.el6_7.4
  • sssd-client-0:1.12.4-47.el6_7.4
  • sssd-common-0:1.12.4-47.el6_7.4
  • sssd-common-pac-0:1.12.4-47.el6_7.4
  • sssd-dbus-0:1.12.4-47.el6_7.4
  • sssd-ipa-0:1.12.4-47.el6_7.4
  • sssd-krb5-0:1.12.4-47.el6_7.4
  • sssd-krb5-common-0:1.12.4-47.el6_7.4
  • sssd-ldap-0:1.12.4-47.el6_7.4
  • sssd-proxy-0:1.12.4-47.el6_7.4
  • sssd-tools-0:1.12.4-47.el6_7.4
  • libipa_hbac-0:1.13.0-40.el7
  • libipa_hbac-devel-0:1.13.0-40.el7
  • libsss_idmap-0:1.13.0-40.el7
  • libsss_idmap-devel-0:1.13.0-40.el7
  • libsss_nss_idmap-0:1.13.0-40.el7
  • libsss_nss_idmap-devel-0:1.13.0-40.el7
  • libsss_simpleifp-0:1.13.0-40.el7
  • libsss_simpleifp-devel-0:1.13.0-40.el7
  • python-libipa_hbac-0:1.13.0-40.el7
  • python-libsss_nss_idmap-0:1.13.0-40.el7
  • python-sss-0:1.13.0-40.el7
  • python-sss-murmur-0:1.13.0-40.el7
  • python-sssdconfig-0:1.13.0-40.el7
  • sssd-0:1.13.0-40.el7
  • sssd-ad-0:1.13.0-40.el7
  • sssd-client-0:1.13.0-40.el7
  • sssd-common-0:1.13.0-40.el7
  • sssd-common-pac-0:1.13.0-40.el7
  • sssd-dbus-0:1.13.0-40.el7
  • sssd-ipa-0:1.13.0-40.el7
  • sssd-krb5-0:1.13.0-40.el7
  • sssd-krb5-common-0:1.13.0-40.el7
  • sssd-ldap-0:1.13.0-40.el7
  • sssd-libwbclient-0:1.13.0-40.el7
  • sssd-libwbclient-devel-0:1.13.0-40.el7
  • sssd-proxy-0:1.13.0-40.el7
  • sssd-tools-0:1.13.0-40.el7
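The rpms list above gives the first fixed NEVR for each stream (1.12.4-47.el6_7.4 on RHEL 6.7.z, 1.13.0-40.el7 on RHEL 7). Deciding whether an installed build is older than those is an rpm version comparison, not a string comparison: "el6_7.10" sorts after "el6_7.4", and tilde pre-release tags sort before their base version. The following is an added Python example (not from the advisories, cve-search or SSSD) that reimplements rpm's rpmvercmp segment algorithm and checks a NAME-[EPOCH:]VERSION-RELEASE[.ARCH] string against the fixed builds on this page. The package-name set is copied from the rpms list; the installed package strings in the demo are constructed.

```python
"""Check an installed sssd-family package against the fixed builds in RHSA-2015:2019 / RHSA-2015:2355.

Added example. rpmvercmp() is a pure-Python port of rpm's version comparison so the
check runs without rpm bindings; FIXED and ADVISORY_PACKAGES come from the rpms list.
"""
import re

# First fixed build per RHEL major, keyed by the N in the ".elN" dist tag.
FIXED = {"6": "0:1.12.4-47.el6_7.4", "7": "0:1.13.0-40.el7"}

# Every package name appearing in the rpms list above (both streams).
ADVISORY_PACKAGES = frozenset("""
libipa_hbac libipa_hbac-devel libipa_hbac-python libsss_idmap libsss_idmap-devel
libsss_nss_idmap libsss_nss_idmap-devel libsss_nss_idmap-python libsss_simpleifp
libsss_simpleifp-devel python-libipa_hbac python-libsss_nss_idmap python-sss
python-sss-murmur python-sssdconfig sssd sssd-ad sssd-client sssd-common
sssd-common-pac sssd-dbus sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap
sssd-libwbclient sssd-libwbclient-devel sssd-proxy sssd-tools
""".split())

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")  # rpm skips every other separator
_ARCH = re.compile(r"\.(x86_64|i686|i386|noarch|aarch64|ppc64|ppc64le|s390x)$")


def rpmvercmp(a: str, b: str) -> int:
    """rpm's label compare: -1 if a < b, 0 if equal, 1 if a > b.

    Numeric segments compare as integers, alpha segments lexically, a numeric
    segment beats an alpha one, '~' sorts before everything (including end of
    string) and '^' sorts after end of string but before any other segment.
    """
    if a == b:
        return 0
    ta, tb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(ta) or i < len(tb):
        x = ta[i] if i < len(ta) else ""
        y = tb[i] if i < len(tb) else ""
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        if x == "^" or y == "^":
            if not x:
                return -1
            if not y:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            i += 1
            continue
        if not x or not y:            # one side ran out: the longer one wins
            return -1 if not x else 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x != y:
            return 1 if x > y else -1
        i += 1
    return 0


def split_nevr(nevr: str) -> tuple:
    """'sssd-common-pac-0:1.12.4-47.el6_7.4[.x86_64]' -> (name, epoch, version, release)."""
    nevr = _ARCH.sub("", nevr)
    name_ev, sep1, release = nevr.rpartition("-")
    name, sep2, ev = name_ev.rpartition("-")
    if not (sep1 and sep2 and name and ev and release):
        raise ValueError(f"not a NAME-[EPOCH:]VERSION-RELEASE string: {nevr!r}")
    epoch, colon, version = ev.rpartition(":")
    return name, (int(epoch) if colon else 0), version, release   # missing epoch is 0


def compare_evr(a: tuple, b: tuple) -> int:
    """Compare (epoch, version, release) tuples the way rpm orders packages."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def is_vulnerable(installed: str):
    """True if older than the fixed build for its RHEL stream, False if at or past
    it, None if the package or stream is not covered by these two advisories."""
    name, epoch, version, release = split_nevr(installed)
    stream = re.search(r"\.el(\d+)", release)
    if name not in ADVISORY_PACKAGES or not stream or stream.group(1) not in FIXED:
        return None
    fixed_evr = split_nevr("pkg-" + FIXED[stream.group(1)])[1:]
    return compare_evr((epoch, version, release), fixed_evr) < 0


if __name__ == "__main__":
    # Constructed sample inventory, e.g. the output of `rpm -q sssd-common-pac`.
    for pkg in ("sssd-common-pac-1.12.4-47.el6_7.3.x86_64", "sssd-1.12.4-47.el6_7.10",
                "sssd-krb5-1.13.0-40.el7.x86_64", "sssd-1.12.2-58.el7_1.18", "bash-4.2.46-19.el7"):
        print(f"{pkg:45s} vulnerable={is_vulnerable(pkg)}")
```

Feed it the output of `rpm -q <package>` on the host; the trailing architecture is stripped and a missing epoch is treated as 0, which is how rpm itself resolves it. A None result means the package is outside the set these two advisories cover, not that it is safe.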
refmap via4
bid 77529
confirm
fedora
  • FEDORA-2015-202c127199
  • FEDORA-2015-7b47df69d3
  • FEDORA-2015-cdea5324a8
mlist [sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)
sectrack 1034038
Last major update 07-12-2016 - 13:16
Published 29-10-2015 - 12:59