CVE-2015-5292 - Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in Sy

CVE-2015-5292

Summary

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

References

Vulnerable Configurations

cpe:2.3:a:fedoraproject:sssd:1.12.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.5:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.3:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.7:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.7:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.6:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.6:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.1:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.4:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:sssd:1.12.4:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-02-2023 - 00:53)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:C

redhat via4

advisories

bugzilla

id	1268783
title	Memory leak / possible DoS with krb auth. [rhel 6.7.z]

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment libipa_hbac is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019001
comment libipa_hbac is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375002

AND

comment libipa_hbac-devel is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019003
comment libipa_hbac-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375004

AND

comment libipa_hbac-python is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019005
comment libipa_hbac-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375006

AND

comment libsss_idmap is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019007
comment libsss_idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375008

AND

comment libsss_idmap-devel is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019009
comment libsss_idmap-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375010

AND

comment libsss_nss_idmap is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019011
comment libsss_nss_idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375012

AND

comment libsss_nss_idmap-devel is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019013
comment libsss_nss_idmap-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375014

AND

comment libsss_nss_idmap-python is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019015
comment libsss_nss_idmap-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375016

AND

comment libsss_simpleifp is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019017
comment libsss_simpleifp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150441018

AND

comment libsss_simpleifp-devel is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019019
comment libsss_simpleifp-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150441020

AND

comment python-sssdconfig is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019021
comment python-sssdconfig is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375018

AND
comment sssd is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019023
comment sssd is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375020
AND
comment sssd-ad is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019025
comment sssd-ad is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375022

AND

comment sssd-client is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019027
comment sssd-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375024

AND

comment sssd-common is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019029
comment sssd-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375026

AND

comment sssd-common-pac is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019031
comment sssd-common-pac is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375028

AND
comment sssd-dbus is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019033
comment sssd-dbus is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375030
AND
comment sssd-ipa is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019035
comment sssd-ipa is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375032
AND
comment sssd-krb5 is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019037
comment sssd-krb5 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375034

AND

comment sssd-krb5-common is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019039
comment sssd-krb5-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375036

AND
comment sssd-ldap is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019041
comment sssd-ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375038
AND
comment sssd-proxy is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019043
comment sssd-proxy is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375040
AND
comment sssd-tools is earlier than 0:1.12.4-47.el6_7.4
oval oval:com.redhat.rhsa:tst:20152019045
comment sssd-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375042

rhsa

id	RHSA-2015:2019
released	2015-11-10
severity	Low
title	RHSA-2015:2019: sssd security and bug fix update (Low)

bugzilla

id	1270827
title	local overrides: don't contact server with overridden name/id

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment libipa_hbac is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355001
comment libipa_hbac is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375002

AND

comment libipa_hbac-devel is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355003
comment libipa_hbac-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375004

AND
comment libsss_idmap is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355005
comment libsss_idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375008

AND

comment libsss_idmap-devel is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355007
comment libsss_idmap-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375010

AND

comment libsss_nss_idmap is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355009
comment libsss_nss_idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375012

AND

comment libsss_nss_idmap-devel is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355011
comment libsss_nss_idmap-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375014

AND

comment libsss_simpleifp is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355013
comment libsss_simpleifp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150441018

AND

comment libsss_simpleifp-devel is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355015
comment libsss_simpleifp-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150441020

AND

comment python-libipa_hbac is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355017
comment python-libipa_hbac is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152355018

AND

comment python-libsss_nss_idmap is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355019
comment python-libsss_nss_idmap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152355020

AND
comment python-sss is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355021
comment python-sss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152355022

AND

comment python-sss-murmur is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355023
comment python-sss-murmur is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152355024

AND

comment python-sssdconfig is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355025
comment python-sssdconfig is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375018

AND
comment sssd is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355027
comment sssd is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375020
AND
comment sssd-ad is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355029
comment sssd-ad is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375022
AND
comment sssd-client is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355031
comment sssd-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375024
AND
comment sssd-common is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355033
comment sssd-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375026

AND

comment sssd-common-pac is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355035
comment sssd-common-pac is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375028

AND
comment sssd-dbus is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355037
comment sssd-dbus is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375030
AND
comment sssd-ipa is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355039
comment sssd-ipa is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375032
AND
comment sssd-krb5 is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355041
comment sssd-krb5 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375034

AND

comment sssd-krb5-common is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355043
comment sssd-krb5-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375036

AND
comment sssd-ldap is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355045
comment sssd-ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375038

AND

comment sssd-libwbclient is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355047
comment sssd-libwbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150441044

AND

comment sssd-libwbclient-devel is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355049
comment sssd-libwbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150441046

AND
comment sssd-proxy is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355051
comment sssd-proxy is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375040
AND
comment sssd-tools is earlier than 0:1.13.0-40.el7
oval oval:com.redhat.rhsa:tst:20152355053
comment sssd-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141375042

rhsa

id	RHSA-2015:2355
released	2015-11-19
severity	Low
title	RHSA-2015:2355: sssd security, bug fix, and enhancement update (Low)

rpms

libipa_hbac-0:1.12.4-47.el6_7.4
libipa_hbac-devel-0:1.12.4-47.el6_7.4
libipa_hbac-python-0:1.12.4-47.el6_7.4
libsss_idmap-0:1.12.4-47.el6_7.4
libsss_idmap-devel-0:1.12.4-47.el6_7.4
libsss_nss_idmap-0:1.12.4-47.el6_7.4
libsss_nss_idmap-devel-0:1.12.4-47.el6_7.4
libsss_nss_idmap-python-0:1.12.4-47.el6_7.4
libsss_simpleifp-0:1.12.4-47.el6_7.4
libsss_simpleifp-devel-0:1.12.4-47.el6_7.4
python-sssdconfig-0:1.12.4-47.el6_7.4
sssd-0:1.12.4-47.el6_7.4
sssd-ad-0:1.12.4-47.el6_7.4
sssd-client-0:1.12.4-47.el6_7.4
sssd-common-0:1.12.4-47.el6_7.4
sssd-common-pac-0:1.12.4-47.el6_7.4
sssd-dbus-0:1.12.4-47.el6_7.4
sssd-debuginfo-0:1.12.4-47.el6_7.4
sssd-ipa-0:1.12.4-47.el6_7.4
sssd-krb5-0:1.12.4-47.el6_7.4
sssd-krb5-common-0:1.12.4-47.el6_7.4
sssd-ldap-0:1.12.4-47.el6_7.4
sssd-proxy-0:1.12.4-47.el6_7.4
sssd-tools-0:1.12.4-47.el6_7.4
libipa_hbac-0:1.13.0-40.el7
libipa_hbac-devel-0:1.13.0-40.el7
libsss_idmap-0:1.13.0-40.el7
libsss_idmap-devel-0:1.13.0-40.el7
libsss_nss_idmap-0:1.13.0-40.el7
libsss_nss_idmap-devel-0:1.13.0-40.el7
libsss_simpleifp-0:1.13.0-40.el7
libsss_simpleifp-devel-0:1.13.0-40.el7
python-libipa_hbac-0:1.13.0-40.el7
python-libsss_nss_idmap-0:1.13.0-40.el7
python-sss-0:1.13.0-40.el7
python-sss-murmur-0:1.13.0-40.el7
python-sssdconfig-0:1.13.0-40.el7
sssd-0:1.13.0-40.el7
sssd-ad-0:1.13.0-40.el7
sssd-client-0:1.13.0-40.el7
sssd-common-0:1.13.0-40.el7
sssd-common-pac-0:1.13.0-40.el7
sssd-dbus-0:1.13.0-40.el7
sssd-debuginfo-0:1.13.0-40.el7
sssd-ipa-0:1.13.0-40.el7
sssd-krb5-0:1.13.0-40.el7
sssd-krb5-common-0:1.13.0-40.el7
sssd-ldap-0:1.13.0-40.el7
sssd-libwbclient-0:1.13.0-40.el7
sssd-libwbclient-devel-0:1.13.0-40.el7
sssd-proxy-0:1.13.0-40.el7
sssd-tools-0:1.13.0-40.el7

refmap via4

bid	77529
confirm	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1267580 https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch https://fedorahosted.org/sssd/ticket/2803 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
fedora	FEDORA-2015-202c127199 FEDORA-2015-7b47df69d3 FEDORA-2015-cdea5324a8
mlist	[sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)
sectrack	1034038

Last major update

13-02-2023 - 00:53

Published

29-10-2015 - 16:59

Last modified

13-02-2023 - 00:53