Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0287

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2013-0287
Last Modified 14 May 2013 11:34:09
Published 21 Mar 2013 12:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2013-0287

Summary

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

Vulnerable Systems

Application

  • Fedoraproject Sssd 1.9.0

  • Fedoraproject Sssd 1.9.1

  • Fedoraproject Sssd 1.9.2

  • Fedoraproject Sssd 1.9.3

  • Fedoraproject Sssd 1.9.4


References

MLIST - [sssd-devel] 20130319 [SSSD] A security bug in SSSD 1.9 (CVE-2013-0287)

BID - 58593

SECTRACK - 1028317

SECUNIA - 52722

SECUNIA - 52704

REDHAT - RHSA-2013:0663

CONFIRM - http://git.fedorahosted.org/cgit/sssd.git/patch/?id=c0bca1722d6f9dfb654ad78397be70f79ff39af1

CONFIRM - http://git.fedorahosted.org/cgit/sssd.git/patch/?id=b63830b142053f99bfe954d4be5a2b0f68ce3a93

CONFIRM - http://git.fedorahosted.org/cgit/sssd.git/patch/?id=8b8019fe3dd1564fba657e219ec20ff816c7ffdb

CONFIRM - http://git.fedorahosted.org/cgit/sssd.git/patch/?id=7619be9f6bf649665fcbeee9e6b120f9f9cba2a5

CONFIRM - http://git.fedorahosted.org/cgit/sssd.git/patch/?id=754b09b5444e6da88ed58d6deaed8b815e268b6b

CONFIRM - http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6837eee3f7f81c0ee454d3718d67d7f3cc6b48ef

CONFIRM - http://git.fedorahosted.org/cgit/sssd.git/patch/?id=6569d57e3bc168e6e83d70333b48c5cb43aa04c4

CONFIRM - http://git.fedorahosted.org/cgit/sssd.git/patch/?id=26590d31f492dbbd36be6d0bde46a4bd3b221edb

MISC - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=910938

SUSE - openSUSE-SU-2013:0559


Last Updated: 27 May 2016 11:02:05