CVE-2015-5292

Severity

68%

Complexity

80%

Confidentiality

115%

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C).

Overview

Type

Fedora SSSD - System Security Services Daemon

First reported 9 years ago

2015-10-29 16:59:00

Last updated 8 years ago

2016-12-07 18:16:00

Affected Software

Fedora SSSD - System Security Services Daemon 1.10.0

1.10.0

Fedora SSSD - System Security Services Daemon 1.10.1

1.10.1

Fedora SSSD - System Security Services Daemon 1.11.0

1.11.0

Fedora SSSD - System Security Services Daemon 1.11.1

1.11.1

Fedora SSSD - System Security Services Daemon 1.11.2

1.11.2

Fedora SSSD - System Security Services Daemon 1.11.3

1.11.3

Fedora SSSD - System Security Services Daemon 1.11.4

1.11.4

Fedora SSSD - System Security Services Daemon 1.11.5

1.11.5

Fedora SSSD - System Security Services Daemon 1.11.6

1.11.6

Fedora SSSD - System Security Services Daemon 1.11.7

1.11.7

Fedora SSSD - System Security Services Daemon 1.12.0

1.12.0

Fedora SSSD - System Security Services Daemon 1.12.1

1.12.1

Fedora SSSD - System Security Services Daemon 1.12.2

1.12.2

Fedora SSSD - System Security Services Daemon 1.12.3

1.12.3

Fedora SSSD - System Security Services Daemon 1.12.4

1.12.4

Fedora SSSD - System Security Services Daemon 1.12.5

1.12.5

Fedora SSSD - System Security Services Daemon 1.13.0

1.13.0

References

FEDORA-2015-202c127199

FEDORA-2015-7b47df69d3

FEDORA-2015-cdea5324a8

[sssd-users] 20151021 A security bug in SSSD 1.10 and later (CVE-2015-5292)

Vendor Advisory

RHSA-2015:2019

RHSA-2015:2355

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

77529

1034038

https://bugzilla.redhat.com/show_bug.cgi?id=1267580

https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch

https://fedorahosted.org/sssd/ticket/2803

https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.