fkie_cve-2011-1758
Vulnerability from fkie_nvd
Published
2011-05-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.
References
secalert@redhat.comhttp://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/04/29/4Patch
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=700867Patch
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=700891
secalert@redhat.comhttps://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.htmlPatch
secalert@redhat.comhttps://fedorahosted.org/sssd/ticket/856Patch
secalert@redhat.comhttps://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7
af854a3a-2127-422b-91ae-364da2661108http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/04/29/4Patch
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=700867Patch
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=700891
af854a3a-2127-422b-91ae-364da2661108https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://fedorahosted.org/sssd/ticket/856Patch
af854a3a-2127-422b-91ae-364da2661108https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7
Impacted products
Vendor Product Version
fedoraproject sssd 1.5.0
fedoraproject sssd 1.5.1
fedoraproject sssd 1.5.2
fedoraproject sssd 1.5.3
fedoraproject sssd 1.5.4
fedoraproject sssd 1.5.5
fedoraproject sssd 1.5.6
fedoraproject sssd 1.5.6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38007C8-061C-4D6D-BC6B-83475E165A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F39928-292C-4B1E-849F-4CB7534558B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19ACB702-62F5-4614-9CB9-AC07CCEBB399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0524C067-9992-40F1-BC7A-EE382251151B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "74298682-9BFF-4F81-B387-BA0B036619E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC55E83E-AAA5-4228-8283-57EBFCE1EEE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB0D128-F08B-41C1-B8A1-3FD7845B3F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:sssd:1.5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30FC0A62-9332-46F8-8415-50742BBDFC88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n krb5_save_ccname_done en providers/krb5/krb5_auth.c en el Security Services Daemon (SSSD) v1.5.x anteriores a v1.5.7 1.5.x, cuando la renovaci\u00f3n autom\u00e1tica de tickets la autenticaci\u00f3n fuera de l\u00ednea est\u00e1 configurada, utiliza una cadena de ruta como contrase\u00f1a, lo que permite a usuarios locales  eludir la autenticaci\u00f3n Kerberos listando el directorio /tmp para obtener la ruta de acceso."
    }
  ],
  "id": "CVE-2011-1758",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-26T18:55:02.237",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/29/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/sssd/ticket/856"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.fedorahosted.org/git/?p=sssd.git%3Ba=commit%3Bh=fffdae81651b460f3d2c119c56d5caa09b4de42a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/04/29/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://fedorahosted.org/sssd/ticket/856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.