CVE

Id
49670  
CVE No.
CVE-2011-1758  
Status
Candidate  
Description
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname.  
Phase
Assigned (20110419)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
539396 49670 CVE-2011-1758 MLIST:[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758)  View
539397 49670 CVE-2011-1758 URL:http://openwall.com/lists/oss-security/2011/04/29/4  View
539398 49670 CVE-2011-1758 MLIST:[sssd-devel] 20110429 SSSD Security Release 1.5.7  View
539399 49670 CVE-2011-1758 URL:https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html  View
539400 49670 CVE-2011-1758 CONFIRM:http://git.fedorahosted.org/git/?p=sssd.git;a=commit;h=fffdae81651b460f3d2c119c56d5caa09b4de42a  View
539401 49670 CVE-2011-1758 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=700867  View
539402 49670 CVE-2011-1758 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=700891  View
539403 49670 CVE-2011-1758 CONFIRM:https://fedorahosted.org/sssd/ticket/856  View
539404 49670 CVE-2011-1758 CONFIRM:https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7  View
539405 49670 CVE-2011-1758 FEDORA:FEDORA-2011-5815  View
539406 49670 CVE-2011-1758 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html  View
539407 49670 CVE-2011-1758 FEDORA:FEDORA-2011-6279  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
35013 JVNDB-2011-005255 Xen の get_free_port 関数におけるサービス運用妨害 (DoS) の脆弱性 Xen の get_free_port 関数には、サービス運用妨害 (DoS) 状態にされる、または権限を取得される脆弱性が存在します。 CVE-2011-1763 49670 7.7 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005255.html  View